potiuk commented on code in PR #44081:
URL: https://github.com/apache/airflow/pull/44081#discussion_r1845061486
##########
airflow/models/dagcode.py:
##########
@@ -194,4 +194,9 @@ def dag_fileloc_hash(full_filepath: str) -> int:
import hashlib
# Only 7 bytes because MySQL BigInteger can hold only 8 bytes (signed).
- return struct.unpack(">Q",
hashlib.sha1(full_filepath.encode("utf-8")).digest()[-8:])[0] >> 8
+ return (
+ struct.unpack(
+ ">Q", hashlib.sha1(full_filepath.encode("utf-8"),
usedforsecurity=False).digest()[-8:]
+ )[0]
+ >> 8
+ )
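Review bot: The `usedforsecurity=False` argument added to the `hashlib.sha1(...)` call has no explanatory comment; the only comment in the hunk covers the 7-byte truncation. Consider extending that comment to state that SHA-1 is used here only to derive the file-location hash and not for any security purpose, so a later reader neither drops the flag nor copies the pattern into code where collision resistance matters.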
Review Comment:
We already have CodeQL scanning and detecting those. I think it's unlikely we
will ever remove the flag, so it's not really prone to regression; what is more
worrying is if we start using it elsewhere - but for that CodeQL scanning
**should** in principle detect such future usages.