search

lark-parser / lark

Lark is a parsing toolkit for Python, built with a focus on ergonomics, performance and modularity.
MIT License
4.77k stars 404 forks source link

Lark doesn't run on FIPS enabled systems on older versions of python 3 #1250

Closed wilrodriguez closed 1 year ago

wilrodriguez commented 1 year ago

Describe the bug

Due to md5 ciphers being disabled on FIPS enabled systems, Lark won't work due to the md5_digest method in the load_grammer module. On Python 3.9 and up this will work, but not all users running FIPS are on 3.9 and since Lark purports to support python as low as 3.6, we should probably make the module FIPS compliant by simply removing MD5 hashing. This change would build on the work already put into place by #1187

To Reproduce

On a RHEL 7 system running Python 3.6, when opening a grammar file with lark_parser = Lark.open(GRAMMAR_FILE), I get the following error (note that the top of the stack is redacted):

...
  File "/usr/lib/python3.6/site-packages/lark/lark.py", line 567, in open
    return cls(f, **options)
  File "/usr/lib/python3.6/site-packages/lark/lark.py", line 349, in __init__
    self.grammar, used_files = load_grammar(grammar, self.source_path, self.options.import_paths, self.options.keep_all_tokens)
  File "/usr/lib/python3.6/site-packages/lark/load_grammar.py", line 1410, in load_grammar
    builder.load_grammar(grammar, source)
  File "/usr/lib/python3.6/site-packages/lark/load_grammar.py", line 1250, in load_grammar
    self.do_import(dotted_path, base_path, aliases, mangle)
  File "/usr/lib/python3.6/site-packages/lark/load_grammar.py", line 1317, in do_import
    h = md5_digest(text)
  File "/usr/lib/python3.6/site-packages/lark/load_grammar.py", line 1423, in md5_digest
    return hashlib.md5(s.encode('utf8')).hexdigest()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for fips