scrapinghub/dateparser

dateparser doesn't work in FIPS compliant environments

Open

#1.258 geöffnet am 14. März 2025

Auf GitHub ansehen
 (9 Kommentare) (3 Reaktionen) (0 zugewiesene Personen)Python (443 Forks)batch import
Status: Bug confirmedType: Buggood first issue

Repository-Metriken

Stars
 (2.318 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 397T 12h) (13 gemergte PRs in 30 T)

Beschreibung

Many secure environments disable the hashlib.md5 function because it is insecure, the causes the line below to fail making dateparser unusable in these environments:

https://github.com/scrapinghub/dateparser/blob/02bd2e5dd4477b4f6db98c5e98149458eb3cc821/dateparser/conf.py#L52

This can easily be remedied by replacing that line with return hashlib.md5("".join(keys).encode("utf-8"), usedforsecurity=False).hexdigest() which appropriately bypasses the fips security check because dateparser is not using the md5 hash for security applications.

This is a great project, would appreciate it if this fix could be pushed so it becomes useable in FIPS-compliant environments!

Contributor Guide