From ae254eae76c261705465d8911101628dd9986cc1 Mon Sep 17 00:00:00 2001
From: Jens Kraemer
Date: Fri, 7 May 2021 10:42:11 +0800
Subject: [PATCH] replaces uses of Digest::MD5 and Digest::SHA1 with AS::Digest
- the actual digest used by ActiveSupport::Digest defaults to SHA1 and can be configured with the config.active_support.hash_digest_class configuration option, i.e. Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
- this helps adapt Redmine for use in FIPS environments where currently MD5 is forbidden and use of SHA1 is discouraged.
---
 app/controllers/repositories_controller.rb | 2 +-
 app/models/attachment.rb | 4 ++--
 app/views/repositories/_dir_list_content.html.erb | 2 +-
 .../lib/open_id_authentication/mem_cache_store.rb | 3 +--
 lib/redmine/wiki_formatting.rb | 4 +---
 lib/redmine/wiki_formatting/markdown/formatter.rb | 4 ++--
 lib/redmine/wiki_formatting/textile/formatter.rb | 5 ++---
 test/functional/wiki_controller_test.rb | 2 +-
 test/helpers/avatars_helper_test.rb | 4 ++--
 .../lib/redmine/wiki_formatting/markdown_formatter_test.rb | 2 +-
 .../lib/redmine/wiki_formatting/textile_formatter_test.rb | 7 +++----
 11 files changed, 17 insertions(+), 22 deletions(-)
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 45e969ba4..ac2366a08 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -277,7 +277,7 @@ class RepositoriesController < ApplicationController
 User.current.preference.save end @cache_key = "repositories/diff/#{@repository.id}/" +
- Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
+ ActiveSupport::Digest.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
 unless read_fragment(@cache_key) @diff = @repository.diff(@path, @rev, @rev_to) (show_error_not_found; return) unless @diff
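Review bot: Whether this cache key actually stops using MD5 depends on configuration that is not part of the patch: `ActiveSupport::Digest.hexdigest` delegates to whatever `hash_digest_class` is set to, and Rails' own fallback when nothing sets it is MD5, so the "defaults to SHA1" in the description holds only if the application's loaded framework defaults or an initializer select SHA1. The helper also returns only the first 32 hex characters of the digest, so a SHA256 setting yields a truncated value; that is adequate for a fragment-cache key, but worth recording next to the call, e.g. `# cache key only, not a security boundary; digest class comes from config.active_support.hash_digest_class`. The same two caveats apply to the other call sites changed in attachment.rb, mem_cache_store.rb, wiki_formatting.rb and both formatters. The enclosing action starts and ends outside the hunk.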
diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index c3c3fc8b3..67f6ac89f 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -134,7 +134,7 @@ class Attachment < ActiveRecord::Base
 end # Copies the temporary file to its final location
- # and computes its MD5 hash
+ # and computes its hash
 def files_to_final_location if @temp_file self.disk_directory = target_directory
@@ -565,7 +565,7 @@ class Attachment < ActiveRecord::Base
 if %r{^[a-zA-Z0-9_\.\-]*$}.match?(filename) && filename.length <= 50 ascii = filename else
- ascii = Digest::MD5.hexdigest(filename)
+ ascii = ActiveSupport::Digest.hexdigest(filename)
 # keep the extension if any ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$} end
diff --git a/app/views/repositories/_dir_list_content.html.erb b/app/views/repositories/_dir_list_content.html.erb
index ee68c1b7a..396c7f6d0 100644
--- a/app/views/repositories/_dir_list_content.html.erb
+++ b/app/views/repositories/_dir_list_content.html.erb
@@ -1,5 +1,5 @@
 <% @entries.each do |entry| %>
-<% tr_id = Digest::MD5.hexdigest(entry.path)
+<% tr_id = ActiveSupport::Digest.hexdigest(entry.path)
 depth = params[:depth].to_i %> <% ent_path = Redmine::CodesetUtil.replace_invalid_utf8(entry.path) %> <% ent_name = Redmine::CodesetUtil.replace_invalid_utf8(entry.name) %>
diff --git a/lib/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb b/lib/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
index cef6d8ed7..66ab5f2b8 100644
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: false
-require 'digest/sha1'
 require 'openid/store/interface' module OpenIdAuthentication
@@ -69,7 +68,7 @@ module OpenIdAuthentication
 end def digest(text)
- Digest::SHA1.hexdigest(text)
+ ActiveSupport::Digest.hexdigest(text)
 end end end
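Review bot: The guard directly above the changed line in the second attachment.rb hunk, `%r{^[a-zA-Z0-9_\.\-]*$}.match?(filename)`, anchors with `^`/`$`, which in Ruby match at line boundaries rather than at the ends of the string, so a name containing a newline passes as soon as one of its lines consists only of safe characters and is then used as-is instead of being replaced by the digest. Whether such a name can reach this point depends on sanitisation outside the hunk, but `%r{\A[a-zA-Z0-9_\.\-]*\z}` makes the check hold on its own. The method starts and ends outside the hunk.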
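Review bot: In `digest(text)` of mem_cache_store.rb the store moves from a fixed SHA1 to a digest chosen by global application configuration, which can be a step down rather than up: if `hash_digest_class` is left unset the Rails fallback is MD5, and in every case the value is cut to 32 hex characters where SHA1 gave 40. The first hunk of the file also drops `require 'digest/sha1'` without requiring ActiveSupport, so the plugin now assumes it is loaded inside the Rails application, which is presumably always true here but deserves a comment. If, as the file name suggests, the result is used to build cache keys, entries written under the old keys will no longer be found after deployment; a line such as `# key derivation only; algorithm follows config.active_support.hash_digest_class` above the method would make that intent explicit.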
diff --git a/lib/redmine/wiki_formatting.rb b/lib/redmine/wiki_formatting.rb
index 99058462b..a96e381fe 100644
--- a/lib/redmine/wiki_formatting.rb
+++ b/lib/redmine/wiki_formatting.rb
@@ -17,8 +17,6 @@
 # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-require 'digest/md5'
-
 module Redmine module WikiFormatting class StaleSectionError < StandardError; end
@@ -105,7 +103,7 @@ module Redmine
 # Returns a cache key for the given text +format+, +text+, +object+ and +attribute+ or nil if no caching should be done def cache_key_for(format, text, object, attribute) if object && attribute && !object.new_record? && format.present?
- "formatted_text/#{format}/#{object.class.model_name.cache_key}/#{object.id}-#{attribute}-#{Digest::MD5.hexdigest text}"
+ "formatted_text/#{format}/#{object.class.model_name.cache_key}/#{object.id}-#{attribute}-#{ActiveSupport::Digest.hexdigest text}"
 end end
diff --git a/lib/redmine/wiki_formatting/markdown/formatter.rb b/lib/redmine/wiki_formatting/markdown/formatter.rb
index 9d1637125..588cdc9f2 100644
--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -69,13 +69,13 @@ module Redmine
 def get_section(index) section = extract_sections(index)[1]
- hash = Digest::MD5.hexdigest(section)
+ hash = ActiveSupport::Digest.hexdigest(section)
 return section, hash end def update_section(index, update, hash=nil) t = extract_sections(index)
- if hash.present? && hash != Digest::MD5.hexdigest(t[1])
+ if hash.present? && hash != ActiveSupport::Digest.hexdigest(t[1])
 raise Redmine::WikiFormatting::StaleSectionError end
diff --git a/lib/redmine/wiki_formatting/textile/formatter.rb b/lib/redmine/wiki_formatting/textile/formatter.rb
index 8f0200b33..728660a0a 100644
--- a/lib/redmine/wiki_formatting/textile/formatter.rb
+++ b/lib/redmine/wiki_formatting/textile/formatter.rb
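Review bot: Neither `get_section` nor `update_section` in markdown/formatter.rb documents what the section hash is for, and after this change its value depends on `hash_digest_class`. The hash appears to travel to the client and back (see the `:section_hash` parameter in wiki_controller_test.rb), so one issued before a deployment or configuration change will no longer match and the edit ends in `StaleSectionError`. That fails closed, which is the right direction, but I would add a comment above both methods such as `# change-detection token for section edits, not an integrity or security check`. The identical pair of lines is changed in textile/formatter.rb, and a single shared helper for the section hash would keep the two formatters from drifting apart.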
@@ -18,7 +18,6 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require File.expand_path('../redcloth3', __FILE__)
-require 'digest/md5'
 module Redmine module WikiFormatting
@@ -48,13 +47,13 @@ module Redmine
 def get_section(index) section = extract_sections(index)[1]
- hash = Digest::MD5.hexdigest(section)
+ hash = ActiveSupport::Digest.hexdigest(section)
 return section, hash end def update_section(index, update, hash=nil) t = extract_sections(index)
- if hash.present? && hash != Digest::MD5.hexdigest(t[1])
+ if hash.present? && hash != ActiveSupport::Digest.hexdigest(t[1])
 raise Redmine::WikiFormatting::StaleSectionError end
diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb
index 032d3f30e..57613ff6e 100644
--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@@ -632,7 +632,7 @@ class WikiControllerTest < Redmine::ControllerTest
 :version => 3 }, :section => 2,
- :section_hash => Digest::MD5.hexdigest("wrong hash")
+ :section_hash => ActiveSupport::Digest.hexdigest("wrong hash")
 } end end
diff --git a/test/helpers/avatars_helper_test.rb b/test/helpers/avatars_helper_test.rb
index 8ea5918ae..3578f902a 100644
--- a/test/helpers/avatars_helper_test.rb
+++ b/test/helpers/avatars_helper_test.rb
@@ -31,11 +31,11 @@ class AvatarsHelperTest < Redmine::HelperTest
 end def test_avatar_with_user
- assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
+ assert_include ActiveSupport::Digest.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
 end def test_avatar_with_email_string
- assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar('jsmith ')
+ assert_include ActiveSupport::Digest.hexdigest('jsmith@somenet.foo'), avatar('jsmith ')
 end def test_avatar_with_anonymous_user
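Review bot: The two changed assertions in avatars_helper_test.rb now expect the avatar markup to contain `ActiveSupport::Digest.hexdigest` of the address, but no avatar helper is among the eleven files this patch touches, so the code under test presumably still derives the URL from an MD5 of the e-mail. With the SHA1 default named in the description these tests would then fail, and the hash in an avatar URL is dictated by the external avatar service, so it should not follow `hash_digest_class` in the first place. I would keep `Digest::MD5.hexdigest('jsmith@somenet.foo')` in both assertions and add a comment that this MD5 is a protocol identifier rather than a security control, to be tracked as an explicit FIPS exception. The test class continues outside the hunk.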
diff --git a/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb
index 561e7aa02..a2df1ec16 100644
--- a/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/markdown_formatter_test.rb
@@ -193,6 +193,6 @@ class Redmine::WikiFormatting::MarkdownFormatterTest < ActionView::TestCase
 assert_kind_of Array, result assert_equal 2, result.size assert_equal expected, result.first, "section content did not match"
- assert_equal Digest::MD5.hexdigest(expected), result.last, "section hash did not match"
+ assert_equal ActiveSupport::Digest.hexdigest(expected), result.last, "section hash did not match"
 end end
diff --git a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
index 5ee4defe1..058537b13 100644
--- a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
@@ -19,7 +19,6 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require File.expand_path('../../../../../test_helper', __FILE__)
-require 'digest/md5'
 class Redmine::WikiFormatting::TextileFormatterTest < ActionView::TestCase def setup
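Review bot: The expected value in the markdown_formatter_test.rb assertion is computed with the same `ActiveSupport::Digest.hexdigest` call the formatter uses, so it holds for any digest class and cannot show that a non-default algorithm works; the same is true of the three changed assertions in textile_formatter_test.rb. Since the point of the patch is to make the algorithm configurable, I would add a test that sets `ActiveSupport::Digest.hash_digest_class = OpenSSL::Digest::SHA256`, restores the previous class in an `ensure`, and round-trips `get_section` and `update_section`. The test method begins outside the hunk.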
@@ -491,13 +490,13 @@ class Redmine::WikiFormatting::TextileFormatterTest < ActionView::TestCase
 assert_equal( [STR_WITHOUT_PRE[0], replacement, STR_WITHOUT_PRE[2..4]].flatten.join("\n\n"), @formatter.new(TEXT_WITHOUT_PRE).
- update_section(2, replacement, Digest::MD5.hexdigest(STR_WITHOUT_PRE[1]))
+ update_section(2, replacement, ActiveSupport::Digest.hexdigest(STR_WITHOUT_PRE[1]))
 ) end def test_update_section_with_wrong_hash_should_raise_an_error assert_raise Redmine::WikiFormatting::StaleSectionError do
- @formatter.new(TEXT_WITHOUT_PRE).update_section(2, "New text", Digest::MD5.hexdigest("Old text"))
+ @formatter.new(TEXT_WITHOUT_PRE).update_section(2, "New text", ActiveSupport::Digest.hexdigest("Old text"))
 end end
@@ -725,6 +724,6 @@ class Redmine::WikiFormatting::TextileFormatterTest < ActionView::TestCase
 assert_kind_of Array, result assert_equal 2, result.size assert_equal expected, result.first, "section content did not match"
- assert_equal Digest::MD5.hexdigest(expected), result.last, "section hash did not match"
+ assert_equal ActiveSupport::Digest.hexdigest(expected), result.last, "section hash did not match"
 end end
--
2.20.1