◐ Shell
clean mode source ↗

Fix bpo-29528 Use a secure variable to stop spam by dstufft · Pull Request #13 · python/cpython

the-knights-who-say-ni

nanjekyejoannah added a commit to nanjekyejoannah/cpython that referenced this pull request

@bors @nanjekyejoannah 

13: warn for hmac and hexlify r=ltratt a=nanjekyejoannah

This PR adds warnings for the following modules:
- `hmac`
- `binascii.hexlify`
- `binascii.b2a_hex`

See the notes below:

1. warn for the 'digest' parameter in hmac in pygrate2

In Python 2:

```
>>> import hashlib
>>> import hmac
>>> string1 = 'firststring'.encode('utf-8')
>>> string2 = 'secondstring'.encode('utf-8')
>>> digest = hmac.new(key=string1, msg=string2, digestmod=hashlib.sha256).digest()
>>> digest = hmac.new(key=string1, msg=string2).digest() 
>>> 
```

In Python 3:

```
string1 = 'firststring'.encode('utf-8')
>>> string2 = 'secondstring'.encode('utf-8')
>>> digest = hmac.new(key=string1, msg=string2, digestmod=hashlib.sha256).digest()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'hmac' is not defined
>>> import hashlib
>>> import hmac
>>> digest = hmac.new(key=string1, msg=string2, digestmod=hashlib.sha256).digest()
>>> digest = hmac.new(key=string1, msg=string2).digest() 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/Cellar/python@3.9/3.9.12_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/hmac.py", line 170, in new
    return HMAC(key, msg, digestmod)
  File "/usr/local/Cellar/python@3.9/3.9.12_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/hmac.py", line 56, in __init__
    raise TypeError("Missing required parameter 'digestmod'.")
TypeError: Missing required parameter 'digestmod'.
>>> 
```


2. Warn for hexlify 

In python 2:

```
>>> import codecs
>>> hexlify = codecs.getencoder('hex')
>>> hexlify(b'Blaah')[0]
'426c616168'
>>> import binascii
>>> binascii.hexlify(b'Blaah')
'426c616168'
>>> binascii.hexlify('Blaah')
'426c616168'
>>> 
```

In Python 3:

```
>>> import codecs
>>> hexlify = codecs.getencoder('hex')
>>> hexlify(b'Blaah')[0]
b'426c616168'
>>> import binascii
>>> binascii.hexlify(b'Blaah')
b'426c616168'
>>> binascii.hexlify('Blaah')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: a bytes-like object is required, not 'str'
>>> 
```


Co-authored-by: Joannah Nanjekye <jnanjekye@python.org>