Revert "Change log hashing to SHA256"

We should exempt previous releases from this check. We should not change the behavior in a backport. This also adds nosec comment since this usage of sha1 is confined to log hashing. This reverts commit 52822f1c11. Change-Id: I8b2a479ee929f85d19fbea76ff082b725fc50e81
2018-09-03 21:13:21 +00:00 · 2018-09-03 21:13:21 +00:00 · 5c227e7e3f
parent 8efaa2a28b
commit 5c227e7e3f
2 changed files with 3 additions and 3 deletions
--- a/keystoneauth1/session.py
+++ b/keystoneauth1/session.py
@ -365,10 +365,10 @@ class Session(object):
        secure_headers = ('authorization', 'x-auth-token',
                          'x-subject-token', 'x-service-token')
        if header[0].lower() in secure_headers:
-            token_hasher = hashlib.sha256()
+            token_hasher = hashlib.sha1()  # nosec log hashing
            token_hasher.update(header[1].encode('utf-8'))
            token_hash = token_hasher.hexdigest()
-            return (header[0], '{SHA256}%s' % token_hash)
+            return (header[0], '{SHA1}%s' % token_hash)
        return header

    def _get_split_loggers(self, split_loggers):
--- a/keystoneauth1/tests/unit/test_session.py
+++ b/keystoneauth1/tests/unit/test_session.py
@ -324,7 +324,7 @@ class SessionTests(utils.TestCase):
        # Assert that response headers contains actual values and
        # only debug logs has been masked
        for k, v in security_headers.items():
-            self.assertIn('%s: {SHA256}' % k, self.logger.output)
+            self.assertIn('%s: {SHA1}' % k, self.logger.output)
            self.assertEqual(v, resp.headers[k])
            self.assertNotIn(v, self.logger.output)