#nosec tags should not just be used to make problems go away. Every time somebody uses #nosec it should be accompanied by an explanation for why this really isn't a security issue.
```python
# The following hash is not used in any security context. It is only used
# to generate unique values, collisions are acceptable and "data" is not
# coming from user-generated input
the_hash = md5(data).hexdigest()  # nosec
```
We could also use a slightly more complex hybrid system:
```python
# The following hash is not used in any security context. It is only used
# to generate unique values, collisions are acceptable and "data" is not
# coming from user-generated input
the_hash = md5(data).hexdigest()  # nosec(sigmavirus24)
```
Point 1. might be harder to implement but would make it easier to follow PEP 8 - Maximum Line Length guidance. (in this case, max. of 72 chars for comments)
Point 2. seems to be easier to implement, but much fewer characters would be available for the justification if one would be following PEP 8. It also seems to have some sort of alias or ID tracking.
Point 3. is a bit more complex than 1. but it's easier to follow PEP 8 and has that alias/ID tracking thing.
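One way to enforce the rule this issue asks for, as an added example that is not part of the thread and not Bandit's own code. The function name `unjustified_nosec`, the `min_words` threshold and the policy itself (a marker counts as explained when the comment lines directly above it, or the text after it, contain a few words) are assumptions; the sample source is constructed.

```python
import io
import re
import tokenize

NOSEC = re.compile(r"#\s*nosec\b(?P<rest>.*)", re.IGNORECASE)
WORD = re.compile(r"[A-Za-z]{2,}")


def unjustified_nosec(source, min_words=3):
    """Return line numbers of `# nosec` markers that carry no explanation.

    Assumed policy (not Bandit behaviour): a marker is justified when the
    comment-only lines directly above it, or the text after the marker,
    contain at least `min_words` words. A bare ID such as
    `# nosec(sigmavirus24)` is one word and does not count on its own.
    """
    lines = source.split("\n")
    # Use real COMMENT tokens so "# nosec" inside a string is ignored.
    comments = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            comments[tok.start[0]] = tok.string
    flagged = []
    for lineno, text in sorted(comments.items()):
        match = NOSEC.search(text)
        if not match:
            continue
        words = WORD.findall(match.group("rest"))
        # Walk upwards over the contiguous block of comment-only lines.
        above = lineno - 1
        while above in comments and lines[above - 1].lstrip().startswith("#"):
            if NOSEC.search(comments[above]):
                break  # that line is another marker, not an explanation
            words += WORD.findall(comments[above])
            above -= 1
        if len(words) < min_words:
            flagged.append(lineno)
    return flagged


# Constructed sample: line 6 is explained, lines 7 and 8 are not.
SAMPLE = '''\
from hashlib import md5

data = b"constructed sample"
# The following hash is not used in any security context. It is only used
# to generate unique values, collisions are acceptable.
the_hash = md5(data).hexdigest()  # nosec
other = md5(data).hexdigest()  # nosec
tagged = md5(data).hexdigest()  # nosec(sigmavirus24)
text = "# nosec"
'''
```

A check like this can run in CI next to the scanner, so a suppression without a written reason fails review instead of silently hiding a finding.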
Transfer of OpenStack blueprint:
https://blueprints.launchpad.net/bandit/+spec/nosec-has-comment