Description of problem: Test results: >> Issue: [B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function. Severity: Medium Confidence: High Location: octavia/common/tls_utils/cert_parser.py:364 More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5 363 return data_models.TLSContainer( 364 id=hashlib.sha1(cert.get_certificate()).hexdigest(), 365 primary_cn=get_primary_cn(cert), -------------------------------------------------- >> Issue: [B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function. Severity: Medium Confidence: High Location: octavia/common/utils.py:41 More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5 40 def base64_sha1_string(string_to_hash): 41 hash_str = hashlib.sha1(string_to_hash.encode('utf-8')).digest() 42 b64_str = base64.b64encode(hash_str, str.encode('_-', 'ascii')) Version-Release number of selected component (if applicable): Latest 10 How reproducible: 100% Steps to Reproduce: 1. Clone repo 2. Checkout 13 branch and run 'tox -e pep8'
Fixed in https://review.openstack.org/#/c/593112/ Queens 2.0.2 (pending release approval https://review.openstack.org/#/c/593954/) will include this fix.