Revert "Change log hashing to SHA256"
We should exempt previous releases from this check. We
should not change the behavior in a backport.
This also adds nosec comment since this usage of sha1 is
confined to log hashing.
This reverts commit 52822f1c11
.
Change-Id: I8b2a479ee929f85d19fbea76ff082b725fc50e81
This commit is contained in:
parent
8efaa2a28b
commit
5c227e7e3f
|
@ -365,10 +365,10 @@ class Session(object):
|
||||||
secure_headers = ('authorization', 'x-auth-token',
|
secure_headers = ('authorization', 'x-auth-token',
|
||||||
'x-subject-token', 'x-service-token')
|
'x-subject-token', 'x-service-token')
|
||||||
if header[0].lower() in secure_headers:
|
if header[0].lower() in secure_headers:
|
||||||
token_hasher = hashlib.sha256()
|
token_hasher = hashlib.sha1() # nosec log hashing
|
||||||
token_hasher.update(header[1].encode('utf-8'))
|
token_hasher.update(header[1].encode('utf-8'))
|
||||||
token_hash = token_hasher.hexdigest()
|
token_hash = token_hasher.hexdigest()
|
||||||
return (header[0], '{SHA256}%s' % token_hash)
|
return (header[0], '{SHA1}%s' % token_hash)
|
||||||
return header
|
return header
|
||||||
|
|
||||||
def _get_split_loggers(self, split_loggers):
|
def _get_split_loggers(self, split_loggers):
|
||||||
|
|
|
@ -324,7 +324,7 @@ class SessionTests(utils.TestCase):
|
||||||
# Assert that response headers contains actual values and
|
# Assert that response headers contains actual values and
|
||||||
# only debug logs has been masked
|
# only debug logs has been masked
|
||||||
for k, v in security_headers.items():
|
for k, v in security_headers.items():
|
||||||
self.assertIn('%s: {SHA256}' % k, self.logger.output)
|
self.assertIn('%s: {SHA1}' % k, self.logger.output)
|
||||||
self.assertEqual(v, resp.headers[k])
|
self.assertEqual(v, resp.headers[k])
|
||||||
self.assertNotIn(v, self.logger.output)
|
self.assertNotIn(v, self.logger.output)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue