scrapinghub/dateparser

dateparser doesn't work in FIPS compliant environments

Open

#1.258 aberto em 14 de mar. de 2025

Ver no GitHub
 (9 comments) (3 reactions) (0 assignees)Python (443 forks)batch import
Status: Bug confirmedType: Buggood first issue

Métricas do repositório

Stars
 (2.318 stars)
Métricas de merge de PR
 (Mesclagem média 397d 12h) (13 fundiu PRs em 30d)

Description

Many secure environments disable the hashlib.md5 function because it is insecure, the causes the line below to fail making dateparser unusable in these environments:

https://github.com/scrapinghub/dateparser/blob/02bd2e5dd4477b4f6db98c5e98149458eb3cc821/dateparser/conf.py#L52

This can easily be remedied by replacing that line with return hashlib.md5("".join(keys).encode("utf-8"), usedforsecurity=False).hexdigest() which appropriately bypasses the fips security check because dateparser is not using the md5 hash for security applications.

This is a great project, would appreciate it if this fix could be pushed so it becomes useable in FIPS-compliant environments!

Guia do colaborador