Merge branch 'gitlab-sast' into 'main'

Gitlab sast See merge request s3lph/multischleuder!2
2022-05-30 15:51:31 +00:00 · 2022-05-30 15:51:31 +00:00 · 8d4b84669f
commit 8d4b84669f
parent 210bff48fb a160d22789
2 changed files with 3 additions and 3 deletions
--- a/multischleuder/api.py
+++ b/multischleuder/api.py
@ -49,7 +49,7 @@ class SchleuderApi:
            context = None
        # Perform the actual request
        req = urllib.request.Request(url, data=payload, method=method, headers=self._headers)
-        resp = urllib.request.urlopen(req, context=context)
+        resp = urllib.request.urlopen(req, context=context)  # nosec B310 baseurl is trusted
        respdata: str = resp.read().decode()
        if len(respdata) > 0:
            return json.loads(respdata)
--- a/multischleuder/conflict.py
+++ b/multischleuder/conflict.py
@ -174,7 +174,7 @@ class KeyConflictResolution:
        # Sort so the hash stays the same if the set of subscriptions is the same.
        # There is no guarantee that the subs are in any specific order.
        subs: List[SchleuderSubscriber] = sorted(candidates, key=lambda x: x.schleuder)
-        h = hashlib.new('sha1')
+        h = hashlib.new('sha1')  # nosec B324
        # Include the chosen email an source sub-list
        h.update(struct.pack('!sd',
                             chosen.email.encode(),
@ -191,7 +191,7 @@ class KeyConflictResolution:
        # Sort so the hash stays the same if the set of subscriptions is the same.
        # There is no guarantee that the subs are in any specific order.
        subs: List[SchleuderSubscriber] = sorted(candidates, key=lambda x: x.schleuder)
-        h = hashlib.new('sha1')
+        h = hashlib.new('sha1')  # nosec B324
        assert chosen.key is not None  # Make mypy happy; it can't know that chosen.key can't be None
        # Include the chosen email an source sub-list
        h.update(struct.pack('!ssd',