Copilot commented on code in PR #1288:
URL:
https://github.com/apache/cassandra-python-driver/pull/1288#discussion_r3150751718
##########
cassandra/metadata.py:
##########
@@ -1864,7 +1864,7 @@ class MD5Token(HashToken):
def hash_fn(cls, key):
if isinstance(key, str):
key = key.encode('UTF-8')
- return abs(varint_unpack(md5(key).digest()))
+ return
abs(varint_unpack(hashlib.md5(key,usedforsecurity=False).digest()))
Review Comment:
`hashlib.md5(..., usedforsecurity=False)` is not supported by all Python
implementations (e.g., PyPy may raise `TypeError: md5() takes no keyword
arguments`), which would break token hashing at runtime. Consider
feature-detecting support once (e.g., try calling with `usedforsecurity=False`
and fall back to a call without the kwarg) so the driver remains compatible
while still fixing FIPS on CPython/OpenSSL builds that honor the flag.
##########
cassandra/metadata.py:
##########
@@ -1864,7 +1864,7 @@ class MD5Token(HashToken):
def hash_fn(cls, key):
if isinstance(key, str):
key = key.encode('UTF-8')
- return abs(varint_unpack(md5(key).digest()))
+ return
abs(varint_unpack(hashlib.md5(key,usedforsecurity=False).digest()))
Review Comment:
PEP8/style: add a space after the comma in
`hashlib.md5(key,usedforsecurity=False)` for readability/consistency (i.e.,
`key, usedforsecurity=False`).
```suggestion
return abs(varint_unpack(hashlib.md5(key,
usedforsecurity=False).digest()))
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
