Re: [PR] chore: enforce more ruff rules [superset]

Fri, 13 Dec 2024 13:16:51 -0800 


github-advanced-security[bot] commented on code in PR #31447:
URL: https://github.com/apache/superset/pull/31447#discussion_r1884551548


##########
superset/utils/hashing.py:
##########
@@ -21,7 +21,7 @@
 
 
 def md5_sha_from_str(val: str) -> str:
-    return hashlib.md5(val.encode("utf-8")).hexdigest()
+    return hashlib.md5(val.encode("utf-8")).hexdigest()  # noqa: S324

Review Comment:
   ## Use of a broken or weak cryptographic hashing algorithm on sensitive data
   
   [Sensitive data (certificate)](1) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (certificate)](2) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (certificate)](3) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (certificate)](4) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (certificate)](5) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (certificate)](6) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (certificate)](7) is used in a hashing algorithm (MD5) that 
is insecure.
   [Sensitive data (id)](8) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](9) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](10) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](11) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](12) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](13) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](14) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](15) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (id)](16) is used in a hashing algorithm (MD5) that is 
insecure.
   [Sensitive data (certificate)](17) is used in a hashing algorithm (MD5) that 
is insecure.
   
   [Show more 
details](https://github.com/apache/superset/security/code-scanning/1237)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to