From 46a3f72f73596a223de6e1ebe2afb54fc6b6cc4a Mon Sep 17 00:00:00 2001 From: rajith Date: Fri, 25 Oct 2024 11:11:46 +0530 Subject: [PATCH 1/4] fix coverity hash issue in metaflow_utils file --- openfl/experimental/utilities/metaflow_utils.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/openfl/experimental/utilities/metaflow_utils.py b/openfl/experimental/utilities/metaflow_utils.py index 066429a41e..e13d4f1f90 100644 --- a/openfl/experimental/utilities/metaflow_utils.py +++ b/openfl/experimental/utilities/metaflow_utils.py @@ -66,9 +66,9 @@ def __init__(self, name): def __enter__(self): lock_id = hashlib.new( - "md5", self.name.encode("utf8"), usedforsecurity=False + "sha256", self.name.encode("utf8"), usedforsecurity=False ).hexdigest() # nosec - # MD5sum used for concurrency purposes, not security + # Using SHA-256 to address security warning self.fp = open(f"/tmp/.lock-{lock_id}.lck", "wb") fcntl.flock(self.fp.fileno(), fcntl.LOCK_EX) @@ -345,11 +345,7 @@ def save_artifacts(self, artifacts_iter, force_v4=False, len_hint=0): def pickle_iter(): for name, obj in artifacts_iter: - do_v4 = ( - force_v4 and force_v4 - if isinstance(force_v4, bool) - else force_v4.get(name, False) - ) + do_v4 = force_v4 if isinstance(force_v4, bool) else force_v4.get(name, False) if do_v4: encode_type = "gzip+pickle-v4" if encode_type not in self._encodings: From c41647a96b39699f56de8ac102eb38999014f335 Mon Sep 17 00:00:00 2001 From: rajith Date: Fri, 25 Oct 2024 11:11:46 +0530 Subject: [PATCH 2/4] fix coverity hash issue in metaflow_utils file --- openfl/experimental/utilities/metaflow_utils.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/openfl/experimental/utilities/metaflow_utils.py b/openfl/experimental/utilities/metaflow_utils.py index 066429a41e..e13d4f1f90 100644 --- a/openfl/experimental/utilities/metaflow_utils.py +++ b/openfl/experimental/utilities/metaflow_utils.py @@ -66,9 +66,9 @@ def __init__(self, name): def __enter__(self): lock_id = hashlib.new( - "md5", self.name.encode("utf8"), usedforsecurity=False + "sha256", self.name.encode("utf8"), usedforsecurity=False ).hexdigest() # nosec - # MD5sum used for concurrency purposes, not security + # Using SHA-256 to address security warning self.fp = open(f"/tmp/.lock-{lock_id}.lck", "wb") fcntl.flock(self.fp.fileno(), fcntl.LOCK_EX) @@ -345,11 +345,7 @@ def save_artifacts(self, artifacts_iter, force_v4=False, len_hint=0): def pickle_iter(): for name, obj in artifacts_iter: - do_v4 = ( - force_v4 and force_v4 - if isinstance(force_v4, bool) - else force_v4.get(name, False) - ) + do_v4 = force_v4 if isinstance(force_v4, bool) else force_v4.get(name, False) if do_v4: encode_type = "gzip+pickle-v4" if encode_type not in self._encodings: From 54c5597aeb34049cc3629d69f5e16b64f30d3185 Mon Sep 17 00:00:00 2001 From: rajith Date: Fri, 25 Oct 2024 13:08:25 +0530 Subject: [PATCH 3/4] dummy commit workflow_interface --- openfl/experimental/utilities/metaflow_utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/openfl/experimental/utilities/metaflow_utils.py b/openfl/experimental/utilities/metaflow_utils.py index e13d4f1f90..61f9099fa8 100644 --- a/openfl/experimental/utilities/metaflow_utils.py +++ b/openfl/experimental/utilities/metaflow_utils.py @@ -345,6 +345,7 @@ def save_artifacts(self, artifacts_iter, force_v4=False, len_hint=0): def pickle_iter(): for name, obj in artifacts_iter: + #removed extra variable do_v4 = force_v4 if isinstance(force_v4, bool) else force_v4.get(name, False) if do_v4: encode_type = "gzip+pickle-v4" From 743778f72df65769a71e84f4b5d589b5cb3e7d35 Mon Sep 17 00:00:00 2001 From: rajith Date: Fri, 25 Oct 2024 13:19:42 +0530 Subject: [PATCH 4/4] trigger withworkflow_interface --- openfl/experimental/utilities/metaflow_utils.py | 1 - 1 file changed, 1 deletion(-) diff --git a/openfl/experimental/utilities/metaflow_utils.py b/openfl/experimental/utilities/metaflow_utils.py index 61f9099fa8..e13d4f1f90 100644 --- a/openfl/experimental/utilities/metaflow_utils.py +++ b/openfl/experimental/utilities/metaflow_utils.py @@ -345,7 +345,6 @@ def save_artifacts(self, artifacts_iter, force_v4=False, len_hint=0): def pickle_iter(): for name, obj in artifacts_iter: - #removed extra variable do_v4 = force_v4 if isinstance(force_v4, bool) else force_v4.get(name, False) if do_v4: encode_type = "gzip+pickle-v4"