From ff46e74a28305b6f6815687d11234366b7580344 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=9B=85=E8=AF=BA=E7=8B=90?=
 <212194964+foxcyber907@users.noreply.github.com>
Date: Tue, 7 Oct 2025 20:39:49 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 5: Use of a broken
 or weak cryptographic hashing algorithm on sensitive data

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/chat/message_receive/chat_stream.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/chat/message_receive/chat_stream.py b/src/chat/message_receive/chat_stream.py
index bb6fa6b99..645276237 100644
--- a/src/chat/message_receive/chat_stream.py
+++ b/src/chat/message_receive/chat_stream.py
@@ -492,16 +492,16 @@ class ChatManager:
         else:
             components = [platform, str(user_info.user_id), "private"]  # type: ignore
 
-        # 使用MD5生成唯一ID
+        # 使用SHA-256生成唯一ID
         key = "_".join(components)
-        return hashlib.md5(key.encode()).hexdigest()
+        return hashlib.sha256(key.encode()).hexdigest()
 
     @staticmethod
     def get_stream_id(platform: str, id: str, is_group: bool = True) -> str:
         """获取聊天流ID"""
         components = [platform, id] if is_group else [platform, id, "private"]
         key = "_".join(components)
-        return hashlib.md5(key.encode()).hexdigest()
+        return hashlib.sha256(key.encode()).hexdigest()
 
     async def get_or_create_stream(
         self, platform: str, user_info: UserInfo, group_info: GroupInfo | None = None