From f2c8596d56bbb40c99b17741d91cf4ea255e6b43 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Mon, 15 Sep 2025 13:32:41 +0530
Subject: [PATCH] Make CodeQL happy Update a couple of hashes from SHA1 to SHA256 These were only used as keys in caches but try explaining that SHA1 is perfectly safe for this use case to your typical security person.
---
 src/calibre/srv/books.py | 4 ++--
 src/calibre/srv/code.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/calibre/srv/books.py b/src/calibre/srv/books.py
index 29b2d18ea0..95544115f2 100644
--- a/src/calibre/srv/books.py
+++ b/src/calibre/srv/books.py
@@ -8,7 +8,7 @@ import os
 import tempfile
 import time
 from functools import partial
-from hashlib import sha1
+from hashlib import sha256
 from threading import Lock, RLock
 from calibre.constants import cache_dir, iswindows
@@ -58,7 +58,7 @@ def books_cache_dir():
 def book_hash(library_uuid, book_id, fmt, size, mtime):
 raw = json_dumps((library_uuid, book_id, fmt.upper(), size, mtime, RENDER_VERSION))
- return as_unicode(sha1(raw).hexdigest())
+ return as_unicode(sha256(raw).hexdigest())
 staging_cleaned = False
diff --git a/src/calibre/srv/code.py b/src/calibre/srv/code.py
index 4f49976cae..29ba31cdaf 100644
--- a/src/calibre/srv/code.py
+++ b/src/calibre/srv/code.py
@@ -455,7 +455,7 @@ def tag_browser(ctx, rd):
 opts = categories_settings(rd.query, db, gst_container=tuple)
 vl = rd.query.get('vl') or ''
 etag = json_dumps([db.last_modified().isoformat(), rd.username, library_id, vl, list(opts)])
- etag = hashlib.sha1(etag).hexdigest()
+ etag = hashlib.sha256(etag).hexdigest()
 def generate():
 return json(ctx, rd, tag_browser, categories_as_json(ctx, rd, db, opts, vl))
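Review bot: The new `return as_unicode(sha256(raw).hexdigest())` in `book_hash` (src/calibre/srv/books.py) has no comment saying the digest is only a cache key, so that rationale lives only in the commit message and is lost to the next reader or scanner triage. A line such as `# Cache key only; no integrity or authentication property depends on this digest` above the `return` would record it, and the same comment fits the `etag = hashlib.sha256(etag).hexdigest()` line in the `tag_browser` hunk of src/calibre/srv/code.py. Changing the function also changes every key and lengthens it from 40 to 64 hex characters, so entries stored under the old SHA-1 names will presumably no longer be found and will rely on whatever cleanup the cache already has. If the key ends up as a path component, the longer name is worth checking against Windows path-length limits, given that this module imports `iswindows`. Both of those points are inferred, because the callers of `book_hash` and the cache layout are outside the hunk.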