From b3c8383dea7ceb818674a085fd3135335950bc4b Mon Sep 17 00:00:00 2001 From: caplinje-NOAA Date: Mon, 25 Mar 2024 19:13:28 -0400 Subject: [PATCH 1/3] 'md5/sha1- --- dash/_callback.py | 2 +- dash/_utils.py | 6 +++--- dash/development/_jl_components_generation.py | 2 +- dash/development/build_process.py | 5 +++-- dash/long_callback/managers/__init__.py | 4 ++-- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/dash/_callback.py b/dash/_callback.py index d2fa15742d..a0de008457 100644 --- a/dash/_callback.py +++ b/dash/_callback.py @@ -535,7 +535,7 @@ def register_clientside_callback( if isinstance(clientside_function, str): namespace = "_dashprivate_clientside_funcs" # Create a hash from the function, it will be the same always - function_name = hashlib.md5(clientside_function.encode("utf-8")).hexdigest() + function_name = hashlib.sha256(clientside_function.encode("utf-8")).hexdigest() inline_scripts.append( _inline_clientside_template.format( diff --git a/dash/_utils.py b/dash/_utils.py index 5b3b1d62e1..234dea31a3 100644 --- a/dash/_utils.py +++ b/dash/_utils.py @@ -142,7 +142,7 @@ def _concat(x): _id = x.component_id_str().replace(".", "\\.") + "." + x.component_property if x.allow_duplicate: if not hashed_inputs: - hashed_inputs = hashlib.md5( + hashed_inputs = hashlib.sha256( ".".join(str(x) for x in inputs).encode("utf-8") ).hexdigest() # Actually adds on the property part. @@ -213,9 +213,9 @@ def run_command_with_process(cmd): proc.communicate() -def compute_md5(path): +def compute_hash(path): with io.open(path, encoding="utf-8") as fp: - return hashlib.md5(fp.read().encode("utf-8")).hexdigest() + return hashlib.sha256(fp.read().encode("utf-8")).hexdigest() def job(msg=""): diff --git a/dash/development/_jl_components_generation.py b/dash/development/_jl_components_generation.py index 9fe33618dc..24999603d1 100644 --- a/dash/development/_jl_components_generation.py +++ b/dash/development/_jl_components_generation.py @@ -416,7 +416,7 @@ def generate_toml_file(project_shortname, pkg_data): u = uuid.UUID(jl_dash_uuid) package_uuid = uuid.UUID( - hex=u.hex[:-12] + hashlib.md5(package_name.encode("utf-8")).hexdigest()[-12:] + hex=u.hex[:-12] + hashlib.sha256(package_name.encode("utf-8")).hexdigest()[-12:] ) authors_string = ( diff --git a/dash/development/build_process.py b/dash/development/build_process.py index 2e9901def1..1aa4c7c38f 100644 --- a/dash/development/build_process.py +++ b/dash/development/build_process.py @@ -8,7 +8,7 @@ import fire import requests -from .._utils import run_command_with_process, compute_md5, job +from .._utils import run_command_with_process, compute_hash, job logger = logging.getLogger(__name__) coloredlogs.install( @@ -97,7 +97,8 @@ def digest(self): logger.info("bundles in %s %s", folder, copies) for copy in copies: - payload[f"MD5 ({copy})"] = compute_md5(self._concat(folder, copy)) + # note md5 has been replaced with sha256, leaving string 'MD5 (hash)' as is because impacts are unclear + payload[f"MD5 ({copy})"] = compute_hash(self._concat(folder, copy)) with open(self._concat(self.main, "digest.json"), "w", encoding="utf-8") as fp: json.dump(payload, fp, sort_keys=True, indent=4, separators=(",", ":")) diff --git a/dash/long_callback/managers/__init__.py b/dash/long_callback/managers/__init__.py index cf5dcd2182..651656c004 100644 --- a/dash/long_callback/managers/__init__.py +++ b/dash/long_callback/managers/__init__.py @@ -73,7 +73,7 @@ def build_cache_key(self, fn, args, cache_args_to_ignore): # Call cache function hash_dict[f"cache_key_{i}"] = cache_item() - return hashlib.sha1(str(hash_dict).encode("utf-8")).hexdigest() + return hashlib.sha256(str(hash_dict).encode("utf-8")).hexdigest() def register(self, key, fn, progress): self.func_registry[key] = self.make_job_fn(fn, progress, key) @@ -102,6 +102,6 @@ def _make_progress_key(key): def hash_function(fn, callback_id=""): fn_source = inspect.getsource(fn) fn_str = fn_source - return hashlib.sha1( + return hashlib.sha256( callback_id.encode("utf-8") + fn_str.encode("utf-8") ).hexdigest() From fd1d3ffc9e7ad2bb928116835ef940a58b2f465c Mon Sep 17 00:00:00 2001 From: caplinje-NOAA <133667496+caplinje-NOAA@users.noreply.github.com> Date: Sun, 31 Mar 2024 10:19:02 -0400 Subject: [PATCH 2/3] Updated payload string to reflect sha256 --- dash/development/build_process.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dash/development/build_process.py b/dash/development/build_process.py index 1aa4c7c38f..25183d6823 100644 --- a/dash/development/build_process.py +++ b/dash/development/build_process.py @@ -97,8 +97,7 @@ def digest(self): logger.info("bundles in %s %s", folder, copies) for copy in copies: - # note md5 has been replaced with sha256, leaving string 'MD5 (hash)' as is because impacts are unclear - payload[f"MD5 ({copy})"] = compute_hash(self._concat(folder, copy)) + payload[f"SHA256 ({copy})"] = compute_hash(self._concat(folder, copy)) with open(self._concat(self.main, "digest.json"), "w", encoding="utf-8") as fp: json.dump(payload, fp, sort_keys=True, indent=4, separators=(",", ":")) From e92e206da9e68d22a8ed7fb9b813b8a906367e95 Mon Sep 17 00:00:00 2001 From: caplinje-NOAA <133667496+caplinje-NOAA@users.noreply.github.com> Date: Tue, 2 Apr 2024 20:45:20 -0400 Subject: [PATCH 3/3] Update dash/development/build_process.py Co-authored-by: Philippe Duval --- dash/development/build_process.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dash/development/build_process.py b/dash/development/build_process.py index 25183d6823..1ef987b607 100644 --- a/dash/development/build_process.py +++ b/dash/development/build_process.py @@ -97,7 +97,7 @@ def digest(self): logger.info("bundles in %s %s", folder, copies) for copy in copies: - payload[f"SHA256 ({copy})"] = compute_hash(self._concat(folder, copy)) + payload[f"SHA256 ({copy})"] = compute_hash(self._concat(folder, copy)) with open(self._concat(self.main, "digest.json"), "w", encoding="utf-8") as fp: json.dump(payload, fp, sort_keys=True, indent=4, separators=(",", ":"))