[flake8-bandit] Clarify the supported hashing functions (S324) #20534
ntBre merged 3 commits into astral-sh:main from
ntBre
left a comment
Thanks for working on this, and I think it's nice to have some note like this, but it doesn't seem exactly accurate to say that we support the values in algorithms_guaranteed. I checked all the versions supported by uv (3.7 through 3.14), and sha and md4 haven't been guaranteed algorithms at least since 3.7. I also checked in the CPython source as far back as 3.2, when the constant was added.
I was able to call hashlib.new("md4") on 3.7, but sha didn't work on any version I tested.
Fortunately, I think we can just drop the reference to algorithms_guaranteed and the note still reads well. Since we're effectively enumerating every function checked by the rule, it might make sense to mention the crypt functions (crypt and mksalt) as well.
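An added example illustrating the scope discussed above; it is not ruff's code, and the weak hashlib names and crypt function set are assumptions made for the example. It is a small AST checker that flags hashlib and crypt calls the way a rule like S324 would, honours usedforsecurity=False, and reports whether each flagged name is in hashlib.algorithms_guaranteed.

```python
import ast
import hashlib

# Assumed weak hashlib names for this example; "sha" and "md4" are not in
# hashlib.algorithms_guaranteed on any supported Python (see the thread above).
WEAK_HASHLIB = {"md4", "md5", "sha", "sha1"}
# Assumed crypt functions of interest (hypothetical set for the example).
CRYPT_FUNCS = {"crypt", "mksalt"}

def _module_attr(func):
    """Return (module, attr) for a call like hashlib.md5(...) or crypt.crypt(...)."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return func.value.id, func.attr
    return None

def _used_for_security(call):
    """Honour the usedforsecurity=False escape hatch: such calls are not flagged."""
    for kw in call.keywords:
        if kw.arg == "usedforsecurity" and isinstance(kw.value, ast.Constant):
            return kw.value.value is not False
    return True

def find_weak_hashes(source):
    """Return (lineno, name, guaranteed) for every flagged call in source."""
    findings = []
    for call in ast.walk(ast.parse(source)):
        if not isinstance(call, ast.Call) or _module_attr(call.func) is None:
            continue
        mod, attr = _module_attr(call.func)
        algo = None
        if mod == "hashlib" and attr in WEAK_HASHLIB:
            algo = attr
        elif mod == "hashlib" and attr == "new" and call.args:
            arg = call.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                algo = arg.value.lower() if arg.value.lower() in WEAK_HASHLIB else None
        elif mod == "crypt" and attr in CRYPT_FUNCS:
            algo = f"crypt.{attr}"
        if algo and _used_for_security(call):
            findings.append((call.lineno, algo, algo in hashlib.algorithms_guaranteed))
    return findings

# Constructed sample input, not code from the ruff repository.
SAMPLE = """import hashlib, crypt
a = hashlib.md5(data)
b = hashlib.new("md4")
c = hashlib.sha1(data, usedforsecurity=False)
d = hashlib.sha256(data)
e = crypt.mksalt()
"""
```

Running find_weak_hashes(SAMPLE) flags md5 (guaranteed), md4 (not guaranteed) and crypt.mksalt, while skipping the sha1 call marked usedforsecurity=False and the sha256 call.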
Thanks for checking, that makes sense. I changed it to explicitly list what the rule actually targets, plus
crates/ruff_linter/src/rules/flake8_bandit/rules/hashlib_insecure_hash_functions.rs
ntBre
left a comment
Thank you! I just made one suggestion to restore the reference link. Even if we're not checking that list directly, I think the link could still be helpful.
Title changed from "[flake8-bandit] Clarify S324 only targets Python-guaranteed hashlib algorithms (S324)" to "[flake8-bandit] Clarify the supported hashing functions (S324)"
Summary
Fixes #16572