Compatibility for FIPS systems
On systems where SSL is compiled in FIPS mode, the fingerprint step of the report fails with the following error:
Traceback (most recent call last):
  File "/usr/local/bin/cppcheck-codequality", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/site-packages/cppcheck_codequality/__main__.py", line 118, in main
    fname_in=args.input_file, fname_out=args.output_file, base_dirs=args.base_dir
  File "/usr/local/lib/python3.6/site-packages/cppcheck_codequality/__init__.py", line 117, in convert_file
    fin.read(), base_dirs=base_dirs
  File "/usr/local/lib/python3.6/site-packages/cppcheck_codequality/__init__.py", line 327, in _convert
    (fingerprint_str).encode("utf-8")
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS
This change indicates that the hash call is not being used for security and therefore should be permissible to use even on FIPS systems.
Changed in version 3.9: All hashlib constructors take a keyword-only argument usedforsecurity with default value True. A false value allows the use of insecure and blocked hashing algorithms in restricted environments. False indicates that the hashing algorithm is not used in a security context, e.g. as a non-cryptographic one-way compression function.
Here's a similar issue in another project.
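The following is an added example, not code from this project or its change: a fingerprint helper that passes `usedforsecurity=False` where the interpreter accepts it and still works on interpreters older than 3.9, such as the Python 3.6 in the traceback. The use of MD5, the function names and the sample strings are assumptions made for illustration.

```python
import hashlib


def _non_security_md5(data: bytes):
    """Return an MD5 object marked as non-security use where possible.

    MD5 is an assumption here; the page does not name the algorithm.
    """
    try:
        # Python 3.9+: declares the digest is not a security control, so a
        # FIPS-restricted OpenSSL build may still serve it.
        return hashlib.md5(data, usedforsecurity=False)
    except TypeError:
        # Python < 3.9 rejects the keyword. On a FIPS build this plain call
        # still raises ValueError, as in the traceback above.
        return hashlib.md5(data)


def fingerprint(fingerprint_str: str) -> str:
    """Stable identifier for one report entry (de-duplication only)."""
    return _non_security_md5(fingerprint_str.encode("utf-8")).hexdigest()


def dedupe(entries):
    """Drop entries whose fingerprint was already seen, keeping order."""
    seen, unique = set(), []
    for entry in entries:
        fp = fingerprint(entry)
        if fp not in seen:
            seen.add(fp)
            unique.append((fp, entry))
    return unique


if __name__ == "__main__":
    # Constructed sample inputs, not real cppcheck output.
    sample = [
        "src/main.c:42:nullPointer",
        "src/util.c:7:uninitvar",
        "src/main.c:42:nullPointer",  # duplicate of the first entry
    ]
    for fp, entry in dedupe(sample):
        print(fp, entry)
```

The flag fits here because the digest only identifies report entries; a hash used for integrity or authentication on a FIPS system needs an approved algorithm instead.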