Andrei Kulakov <[email protected]> added the comment:
How about adding a check to `crypt.mksalt()`:
if method and method not in methods:
raise ValueError(f'method {method} is not supported')
If a method is supplied to `crypt.crypt()`, mksalt() is called with it as an
arg, so adding this check will take care of both paths:
crypt(val, method)
crypt(val, mksalt(method))
the only remaining issue is if an (improperly generated) salt is loaded
from somewhere and used to call `crypt()`, but the check above fixes most of
the issue.
I can put up a PR if this sounds good.
----------
nosy: +andrei.avk
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue33213>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
