Update md5 creation to work better on FIPS compliant OSes (#3362)

* update md5 creation for fips compliant OSes
aws-cloudformation · Jun 20, 2024 · 04011da · 04011da
1 parent 80d7c02
commit 04011da
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/src/cfnlint/match.py b/src/cfnlint/match.py
@@ -6,6 +6,7 @@
 from __future__ import annotations
 
 import hashlib
+import sys
 import uuid
 from dataclasses import InitVar, dataclass, field
 from pathlib import Path
@@ -53,7 +54,12 @@ class Match:
     rulematch_obj: InitVar[RuleMatch | None] = None
 
     def __post_init__(self, rulematch_obj):
-        hex_string = hashlib.md5(f"{self}".encode("UTF-8")).hexdigest()
+        if sys.version_info.major == 3 and sys.version_info.minor > 8:
+            hex_string = hashlib.md5(
+                f"{self}".encode("UTF-8"), usedforsecurity=False
+            ).hexdigest()
+        else:
+            hex_string = hashlib.md5(f"{self}".encode("UTF-8")).hexdigest()
         super().__setattr__("id", str(uuid.UUID(hex=hex_string)))
 
         if rulematch_obj:

diff --git a/src/cfnlint/template/transforms/_language_extensions.py b/src/cfnlint/template/transforms/_language_extensions.py
@@ -10,6 +10,7 @@
 import logging
 import random
 import string
+import sys
 from copy import deepcopy
 from typing import Any, Iterator, Mapping, MutableMapping, Tuple
 
@@ -204,7 +205,16 @@ def _replace_string_params(
         new_s = deepcopy(s)
         for k, v in params.items():
             if isinstance(v, dict):
-                v = hashlib.md5(json.dumps(v).encode("utf-8")).digest().hex()[0:4]
+                if sys.version_info.major == 3 and sys.version_info.minor > 8:
+                    v = (
+                        hashlib.md5(
+                            json.dumps(v).encode("utf-8"), usedforsecurity=False
+                        )
+                        .digest()
+                        .hex()[0:4]
+                    )
+                else:
+                    v = hashlib.md5(json.dumps(v).encode("utf-8")).digest().hex()[0:4]
             new_s = re.sub(rf"\$\{{{k}\}}", v, new_s)
             new_s = re.sub(rf"\&\{{{k}\}}", re.sub("[^0-9a-zA-Z]+", "", v), new_s)