From a0c6b8980f18a206092cd3b3e6575061fcb6385b Mon Sep 17 00:00:00 2001
From: deacon
Date: Tue, 17 Mar 2026 19:59:43 -0400
Subject: [PATCH] fix: mark MD5 usage as non-security to address B324

Add usedforsecurity=False to hashlib.md5() calls in atomic_svc.py. These usages are for file deduplication and ability ID generation, not for cryptographic security purposes.

Fixes: B324 (Use of weak MD5 hash for security)
Detected by: bandit
---
 app/atomic_svc.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/atomic_svc.py b/app/atomic_svc.py
index 32d3804..339c843 100644
--- a/app/atomic_svc.py
+++ b/app/atomic_svc.py
@@ -121,7 +121,7 @@ def _handle_attachment(self, attachment_path):
 payload_name = os.path.basename(attachment_path)
 # to avoid collisions between payloads with the same name
 with open(attachment_path, 'rb') as f:
- h = hashlib.md5(f.read()).hexdigest()
+ h = hashlib.md5(f.read(), usedforsecurity=False).hexdigest()
 payload_name = h[:PREFIX_HASH_LEN] + '_' + payload_name
 shutil.copyfile(attachment_path, os.path.join(self.payloads_dir, payload_name), follow_symlinks=False)
 return payload_name
@@ -301,7 +301,7 @@ async def _save_ability(self, entries, test):
 """
 Return True if an ability was saved.
 """
- ability_id = hashlib.md5(json.dumps(test).encode()).hexdigest()
+ ability_id = hashlib.md5(json.dumps(test).encode(), usedforsecurity=False).hexdigest()
 tactics_li = self.technique_to_tactics.get(entries['attack_technique'], ['redcanary-unknown'])
 tactic = 'multiple' if len(tactics_li) > 1 else tactics_li[0]
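Review bot: `usedforsecurity=False` is a keyword that `hashlib.md5()` only accepts from Python 3.9 on, so on an older interpreter both changed lines (the `_handle_attachment` hunk and the `_save_ability` hunk) raise `TypeError` at call time rather than at import; the commit message does not state the minimum supported Python version, so either confirm the project already requires 3.9+ or record it in the message. The keyword is now the only record of why MD5 is acceptable here, so a short comment beside the first call would keep the next reader from re-flagging it, e.g. `# MD5 is a dedup/naming key only, not a security control; the digest prefix is truncated to PREFIX_HASH_LEN below, so collisions would overwrite via shutil.copyfile`. Separately, `f.read()` pulls the whole attachment into memory before hashing; a chunked `h.update()` loop over the open file avoids that if payloads can be large. `_handle_attachment`'s signature sits above the hunk and `_save_ability`'s body continues past the end of its hunk.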