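Describe the bug

We have an access token class that wraps a token string and its type.

```python
from pydantic import BaseModel  # assumed: the issue does not show where BaseModel comes from


class AccessToken(BaseModel):
    """
    Wrapper of the access token.
    """
    token: str
    token_type: str
```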
For the moment we only support `Bearer` type. Creating a token with a hard coded type raises hard coded password.
```
Test results:
>> Issue: [B106:hardcoded_password_funcarg] Possible hardcoded password: 'Bearer'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   Location: whist/server/api/user/auth.py:38:11
   More Info: https://bandit.readthedocs.io/en/1.7.3/plugins/b106_hardcoded_password_funcarg.html
37	    token = create_access_token(token_request)
38	    return AccessToken(token=token, token_type='Bearer')

--------------------------------------------------

Code scanned:
	Total lines of code: 925
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 1
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 1
		High: 0
Files skipped (0):
```
Reproduction steps

1. Create a token from the above class with `AccessToken(token=token, token_type='Bearer')` where `token` is the actual token string.
Expected behavior

In my opinion this should not be raised, as it is a token type and not a password.
Bandit version
1.7.3 (Default)
Python version
3.10 (Default)
Additional context
This has also been reproduced with Python 3.9.
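
The report above comes down to a check that looks at the keyword argument's name rather than its value. The following added example (not part of the original issue and not Bandit's own code) sketches such a name-based check with Python's `ast` module; the regular expression is an assumed approximation of the B106 heuristic, and `SAMPLE`, `Client` and `hardcoded_password_funcargs` are hypothetical names constructed for illustration.

```python
import ast
import re

# Assumption: approximates the name heuristic behind B106; not Bandit's code.
WORDS = r"(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?)"
CANDIDATE = re.compile(rf"(^{WORDS}$|_{WORDS}_|^{WORDS}_|_{WORDS}$)", re.IGNORECASE)

# Constructed sample mirroring the call reported in the issue.
SAMPLE = """\
def login(token_request):
    token = create_access_token(token_request)
    return AccessToken(token=token, token_type='Bearer')

def connect():
    return Client(password='hunter2', timeout='30')
"""


def hardcoded_password_funcargs(source):
    """Return (line, keyword, value) for each string literal passed to a
    keyword argument whose name looks like a credential."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # kw.arg is None for **kwargs expansion; skip those.
            if kw.arg is None or not CANDIDATE.search(kw.arg):
                continue
            # Only literals are reported: token=token passes a variable.
            if isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, str):
                findings.append((kw.value.lineno, kw.arg, kw.value.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, name, value in hardcoded_password_funcargs(SAMPLE):
        print(f"line {line}: possible hardcoded password {value!r} via {name}=")
```

Both `token_type='Bearer'` and `password='hunter2'` are reported because their argument names match, while `token=token` is not, since its value is a variable rather than a string literal.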