From 029bdfe6495c262fbadd80e30a73cbf1b8b049b2 Mon Sep 17 00:00:00 2001 From: Renan Gomes Barreto Date: Fri, 8 Jul 2022 18:02:57 -0300 Subject: [PATCH] Replace the MD5 usage by SHA256 MD5 is old, insecure, and can create problems for people using this package when they are trying to pass some compliance requirements (for example, FIPS). --- locust/stats.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locust/stats.py b/locust/stats.py index fdc4f3bc1c..d53f8769c6 100644 --- a/locust/stats.py +++ b/locust/stats.py @@ -702,7 +702,7 @@ def parse_error(cls, error: Optional[Union[Exception, str]]) -> str: @classmethod def create_key(cls, method: str, name: str, error: Optional[Union[Exception, str]]) -> str: key = f"{method}.{name}.{StatsError.parse_error(error)!r}" - return hashlib.md5(key.encode("utf-8")).hexdigest() + return hashlib.sha256(key.encode("utf-8")).hexdigest() def occurred(self) -> None: self.occurrences += 1