Invalid checking in hashlib plugin #865
Labels
bug
Something isn't working
Comments
ericwb
added a commit
that referenced
this issue
Jun 27, 2022
* hashlib does not support name as the kwargs argument * 'string' is not a keyword of kwargs Fixes #865 Signed-off-by: Eric Brown <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The hashlib_insecure_functions.py plugin is checkin for arguments that don't exist. For example, there is no kwarg for 'name'. The actual signature of the function is:
The hashlib_new_insecure_functions example also includes a bunch of invalid examples.
Reproduction steps
See https://docs.python.org/3/library/hashlib.html
Expected behavior
The checking should be accurate to the function API.
Bandit version
1.7.4 (Default)
Python version
3.9
Additional context
No response
The text was updated successfully, but these errors were encountered: