dateparser doesn't work in FIPS compliant environments #1258
Comments
Thanks for the ack. I'd be happy to PR this myself if you give me permissions to contribute!
No need for permissions, feel free to create a PR from a fork.
If trevor-scale is unable to create the PR, I would be more than happy to do it. However, wouldn't this change be a breaking change, since the setup.py requires python3.8 or later? This change would force users to 3.9.
That's a good point. It's a bit ugly, but we can do a check on sys.version.info and only set the
This should support >= 3.8
PR submitted here: #1267
@trevor-scale The code I pasted above was a test to make sure the command still failed within a FIPS enabled environment. For it to work properly in this setup, it would need to set
Removing support for 3.8 is fine, it is end-of-life.
@trevor-scale Looks like @Gallaecio doesn't mind the breaking change since 3.8 is end of support. I will leave it to you guys on how the PR should be adjusted. Also, I am not a maintainer of this repo so I cannot approve or merge the PR.
Many secure environments disable the hashlib.md5 function because it is insecure; this causes the line below to fail, making dateparser unusable in these environments:
dateparser/dateparser/conf.py
Line 52 in 02bd2e5
This can easily be remedied by replacing that line with
return hashlib.md5("".join(keys).encode("utf-8"), usedforsecurity=False).hexdigest()
which appropriately bypasses the FIPS security check because dateparser is not using the md5 hash for security applications.
This is a great project, would appreciate it if this fix could be pushed so it becomes usable in FIPS-compliant environments!
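The fix proposed in the issue, combined with the interpreter-version guard raised in the comments, as an added example (this is not dateparser's code and not the code from PR #1267). The function names `non_security_md5`, `settings_cache_key` and `md5_blocked_by_default` are hypothetical, and the sample keys are constructed.

```python
import hashlib
import sys


def non_security_md5(data: bytes) -> str:
    """Return an MD5 hex digest for non-security uses such as cache keys."""
    if sys.version_info >= (3, 9):
        # The usedforsecurity keyword exists from Python 3.9 onward. Passing
        # False declares that the digest is not a security control, which
        # lets FIPS-restricted builds permit the call.
        return hashlib.md5(data, usedforsecurity=False).hexdigest()
    # Python 3.8 has no such keyword, so the plain call is the only option
    # there and it still fails on hosts that block MD5.
    return hashlib.md5(data).hexdigest()


def settings_cache_key(keys):
    """Hypothetical stand-in for the cache-key line quoted in the issue."""
    return non_security_md5("".join(keys).encode("utf-8"))


def md5_blocked_by_default() -> bool:
    """Report whether a plain hashlib.md5() call is rejected on this host."""
    try:
        hashlib.md5(b"probe")
    except ValueError:
        # Builds that enforce FIPS reject the unflagged call with ValueError.
        return True
    return False


if __name__ == "__main__":
    # Constructed sample keys, not dateparser's real settings.
    print("plain md5 blocked:", md5_blocked_by_default())
    print("cache key:", settings_cache_key(["DATE_ORDER", "MDY"]))
```

Running this on both a FIPS-enabled host and an ordinary one shows whether the plain call is blocked while the flagged call still returns the same digest.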