]> jfr.im git - irc/weechat/qweechat.git/commitdiff
projects / irc / weechat / qweechat.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: 0dffebc)
Ignore bandit security error about possible hardcoded password
authorSébastien Helleu <redacted>
Sun, 14 Nov 2021 18:00:55 +0000 (19:00 +0100)
committerSébastien Helleu <redacted>
Sun, 14 Nov 2021 18:00:55 +0000 (19:00 +0100)
Bandit reports this error:

>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'init password=%(password)s%(totp)s

The password is of course never hardcoded there.

qweechat/network.py patch | blob | blame | history

diff --git a/qweechat/network.py b/qweechat/network.py
index f665c2218bd7c21cd30172971e3645ec85c5be6f..968c92760769994a93bfb52f770496089e75f9f7 100644 (file)
--- a/qweechat/network.py
+++ b/qweechat/network.py
@@ -47,7 +47,7 @@ _HASH_ALGOS = ':'.join(_HASH_ALGOS_LIST)
 _PROTO_HANDSHAKE = f'(handshake) handshake password_hash_algo={_HASH_ALGOS}\n'
 
 # initialize with the password (plain text)
-_PROTO_INIT_PWD = 'init password=%(password)s%(totp)s\n'
+_PROTO_INIT_PWD = 'init password=%(password)s%(totp)s\n'  # nosec
 
 # initialize with the hashed password
 _PROTO_INIT_HASH = ('init password_hash='
Unnamed repository; edit this file 'description' to name the repository.