Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-12-23 13:27:20 -05:00
Code Issues Packages Projects Releases Wiki Activity

Make CodeQL happy

Browse Source 
Update a couple of hashes from SHA1 to SHA256
These were only used as keys in caches but try explaining
that SHA1 is perfectly safe for this use case to your typical security
person.
This commit is contained in:
Kovid Goyal 2025-09-15 13:32:41 +05:30
parent 0e1dc84203
commit f2c8596d56
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/calibre/srv/books.py
View File

@ -8,7 +8,7 @@ import os
import tempfile
import time
from functools import partial
from hashlib import sha1
from hashlib import sha256
from threading import Lock, RLock
from calibre.constants import cache_dir, iswindows
@ -58,7 +58,7 @@ def books_cache_dir():
def book_hash(library_uuid, book_id, fmt, size, mtime):
raw = json_dumps((library_uuid, book_id, fmt.upper(), size, mtime, RENDER_VERSION))
return as_unicode(sha1(raw).hexdigest())
return as_unicode(sha256(raw).hexdigest())
staging_cleaned = False

2
src/calibre/srv/code.py
View File

@ -455,7 +455,7 @@ def tag_browser(ctx, rd):
opts = categories_settings(rd.query, db, gst_container=tuple)
vl = rd.query.get('vl') or ''
etag = json_dumps([db.last_modified().isoformat(), rd.username, library_id, vl, list(opts)])
etag = hashlib.sha1(etag).hexdigest()
etag = hashlib.sha256(etag).hexdigest()
def generate():
return json(ctx, rd, tag_browser, categories_as_json(ctx, rd, db, opts, vl))