Merge branch 'gitlab-sast' into 'main'

Gitlab sast

See merge request s3lph/multischleuder!2
This commit is contained in:
s3lph 2022-05-30 15:51:31 +00:00
commit 8d4b84669f
2 changed files with 3 additions and 3 deletions

View file

@ -49,7 +49,7 @@ class SchleuderApi:
context = None
# Perform the actual request
req = urllib.request.Request(url, data=payload, method=method, headers=self._headers)
resp = urllib.request.urlopen(req, context=context)
resp = urllib.request.urlopen(req, context=context) # nosec B310 baseurl is trusted
respdata: str = resp.read().decode()
if len(respdata) > 0:
return json.loads(respdata)

View file

@ -174,7 +174,7 @@ class KeyConflictResolution:
# Sort so the hash stays the same if the set of subscriptions is the same.
# There is no guarantee that the subs are in any specific order.
subs: List[SchleuderSubscriber] = sorted(candidates, key=lambda x: x.schleuder)
h = hashlib.new('sha1')
h = hashlib.new('sha1') # nosec B324
# Include the chosen email an source sub-list
h.update(struct.pack('!sd',
chosen.email.encode(),
@ -191,7 +191,7 @@ class KeyConflictResolution:
# Sort so the hash stays the same if the set of subscriptions is the same.
# There is no guarantee that the subs are in any specific order.
subs: List[SchleuderSubscriber] = sorted(candidates, key=lambda x: x.schleuder)
h = hashlib.new('sha1')
h = hashlib.new('sha1') # nosec B324
assert chosen.key is not None # Make mypy happy; it can't know that chosen.key can't be None
# Include the chosen email an source sub-list
h.update(struct.pack('!ssd',