move to pyproject.toml #1726
cc1788d to 959764f
pyproject.toml
Outdated
"pytz", | ||
"sortedcontainers", | ||
"typing-extensions", | ||
"wait_for2==0.3.2", |
maybe
"wait_for2==0.3.2",
"wait_for2==0.3.2; python_version < '3.12'",
since for Python 3.12+ it will never be imported
opcua-asyncio/asyncua/common/utils.py
Line 153 in add6edd
import wait_for2
cf https://packaging.python.org/en/latest/specifications/dependency-specifiers/#dependency-specifiers
thanks
pyproject.toml
Outdated
|
||
[project.urls] | ||
Homepage = "http://freeopcua.github.io/" | ||
|
done
@@ -170,8 +173,7 @@ | |||
if security_policy.host_certificate: | |||
chunk.SecurityHeader.SenderCertificate = security_policy.host_certificate | |||
if security_policy.peer_certificate: | |||
chunk.SecurityHeader.ReceiverCertificateThumbPrint =\ | |||
hashlib.sha1(security_policy.peer_certificate).digest() | |||
chunk.SecurityHeader.ReceiverCertificateThumbPrint = hashlib.sha1(security_policy.peer_certificate).digest() |
Check failure
Code scanning / CodeQL
Use of a broken or weak cryptographic hashing algorithm on sensitive data High
Sensitive data (certificate)
Copilot Autofix AI 2 months ago
To fix the problem, we need to replace the use of the SHA-1 hashing algorithm with a stronger alternative, such as SHA-256. This change will ensure that the certificate hashing is more secure and resistant to collision attacks.
- General Fix: Replace the SHA-1 hashing algorithm with SHA-256.
- Detailed Fix: Modify the line where hashlib.sha1 is used to hashlib.sha256.
- Specific Changes: Update line 176 in the file asyncua/common/connection.py.
- Required Changes: Import the hashlib module (already present), and change the hashing function from sha1 to sha256.
@@ -175,3 +175,3 @@ | ||
if security_policy.peer_certificate: | ||
chunk.SecurityHeader.ReceiverCertificateThumbPrint = hashlib.sha1(security_policy.peer_certificate).digest() | ||
chunk.SecurityHeader.ReceiverCertificateThumbPrint = hashlib.sha256(security_policy.peer_certificate).digest() | ||
chunk.MessageHeader.ChannelId = channel_id |
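Review bot: Swapping hashlib.sha1 for hashlib.sha256 on ReceiverCertificateThumbPrint changes a value that is written into the chunk's SecurityHeader for the peer to read, not a locally stored hash, so the digest grows from 20 to 32 bytes and the receiver can only match it against its own certificate if it computes the thumbprint the same way. Check the OPC UA secure-channel definition of this field before applying the autofix. If the protocol fixes the thumbprint as SHA-1, keep hashlib.sha1 here, add a comment stating that the algorithm is mandated by the wire format and is used as an identifier, and dismiss the CodeQL alert with that justification instead of changing the line.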
looks ok @rth ? I am thinking about merging that asap
The resulting
Feel free to do it. My main goal was to start using uv and doing automated formatting.
No description provided.