diff --git a/pyproject.toml b/pyproject.toml
index 97dd6c2c5..470398ce7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -189,6 +189,7 @@ extend-select = [
     "COM", # https://docs.astral.sh/ruff/rules/#flake8-commas-com
     "DTZ", # https://docs.astral.sh/ruff/rules/#flake8-datetimez-dtz
     "PERF", # https://docs.astral.sh/ruff/rules/#perflint-perf
+    "S324", # https://docs.astral.sh/ruff/rules/hashlib-insecure-hash-functions/
     "DJ", # https://docs.astral.sh/ruff/rules/#flake8-django-dj
     "EXE", # https://docs.astral.sh/ruff/rules/#flake8-executable-exe
     "FBT", # https://docs.astral.sh/ruff/rules/#flake8-boolean-trap-fbt
diff --git a/src/documents/signals/handlers.py b/src/documents/signals/handlers.py
index a34a3acf9..5d0ab2dd0 100644
--- a/src/documents/signals/handlers.py
+++ b/src/documents/signals/handlers.py
@@ -411,7 +411,7 @@ def _path_matches_checksum(path: Path, checksum: str | None) -> bool:
         return False
 
     with path.open("rb") as f:
-        return hashlib.md5(f.read()).hexdigest() == checksum
+        return hashlib.md5(f.read(), usedforsecurity=False).hexdigest() == checksum
 
 
 def _filename_template_uses_custom_fields(doc: Document) -> bool:
diff --git a/src/documents/tests/test_file_handling.py b/src/documents/tests/test_file_handling.py
index 308952a38..df0ea8026 100644
--- a/src/documents/tests/test_file_handling.py
+++ b/src/documents/tests/test_file_handling.py
@@ -220,8 +220,11 @@ class TestFileHandling(DirectoriesMixin, FileSystemAssertsMixin, TestCase):
         doc = Document.objects.create(
             title="document",
             mime_type="application/pdf",
-            checksum=hashlib.md5(original_bytes).hexdigest(),
-            archive_checksum=hashlib.md5(archive_bytes).hexdigest(),
+            checksum=hashlib.md5(original_bytes, usedforsecurity=False).hexdigest(),
+            archive_checksum=hashlib.md5(
+                archive_bytes,
+                usedforsecurity=False,
+            ).hexdigest(),
             filename="old/document.pdf",
             archive_filename="old/document.pdf",
             storage_path=old_storage_path,
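Review bot: The new `"S324"` entry records the rule but not how the codebase expects it to be satisfied, which matters because the rule is silenced by `usedforsecurity=False` and the other hunks in this commit show MD5 being used as a stored content checksum rather than a security primitive. Without that note a contributor hitting S324 may "fix" it by switching to SHA-256, which would break comparison against checksums already persisted in the database. I would extend the trailing comment to something like `"S324", # https://docs.astral.sh/ruff/rules/hashlib-insecure-hash-functions/ -- non-cryptographic MD5/SHA1 must pass usedforsecurity=False`. The `extend-select` list begins before the hunk.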
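Review bot: The rewritten line still calls `f.read()` with no size, so the entire document is loaded into memory just to compute its MD5; hashing in chunks keeps memory flat on large files and yields the same digest. Passing `usedforsecurity=False` is the right way to satisfy S324 here, since the digest is compared against a stored checksum as an integrity check rather than used as a credential, and the keyword is available on any interpreter that already accepts the unquoted `str | None` annotation in the signature. A short comment stating that MD5 is only a content fingerprint matched against the stored checksum, not a security primitive, would keep the next reader from "upgrading" the algorithm and breaking comparison with existing records. On Python 3.11+ the loop below collapses to `hashlib.file_digest(f, lambda: hashlib.md5(usedforsecurity=False)).hexdigest() == checksum`. `_path_matches_checksum` begins before the hunk.
```python
    with path.open("rb") as f:
        # MD5 is only a content fingerprint matched against the stored
        # checksum, not a security primitive; hash in chunks so large
        # documents are not read fully into memory.
        digest = hashlib.md5(usedforsecurity=False)
        while chunk := f.read(1024 * 1024):
            digest.update(chunk)
        return digest.hexdigest() == checksum
```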
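Review bot: The two rewritten keyword arguments are formatted asymmetrically — `checksum=` stays on one line while `archive_checksum=` is split across four — only because the second one crosses the line limit, which makes the pair harder to scan. A small module-level helper such as `def _md5(data: bytes) -> str: return hashlib.md5(data, usedforsecurity=False).hexdigest()` lets both lines read `checksum=_md5(original_bytes)` and `archive_checksum=_md5(archive_bytes)` and states the non-security intent once; if other tests in this module compute checksums the same way, they can share it. The enclosing test method and its `Document.objects.create(...)` call both begin before the hunk.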