Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[secaudit-blocking] Missing justification for nosec lines #335

Closed
puiterwijk opened this issue Aug 12, 2020 · 0 comments · Fixed by #431
Closed

[secaudit-blocking] Missing justification for nosec lines #335

puiterwijk opened this issue Aug 12, 2020 · 0 comments · Fixed by #431
Assignees
@nphilipp
Labels
security Security issue

Comments

@puiterwijk
Copy link

puiterwijk commented Aug 12, 2020
edited
Loading

Part of secaudit #316, blocking.

As per the Fedora Infrastructure Application Security Policy, any # nosec lines must be properly justified.
These lines have no documentation why they are ignored from bandit checks:
@puiterwijk puiterwijk added the security Security issue label Aug 12, 2020
@puiterwijk puiterwijk changed the title [secaudit-blocking] Missing explanation for nosec lines [secaudit-blocking] Missing justification for nosec lines Aug 12, 2020
@nphilipp nphilipp self-assigned this Jan 27, 2021
nphilipp added a commit to nphilipp/noggin that referenced this issue Jan 27, 2021
@nphilipp
Justify use of # nosec
77afcb8 
Describe that password values are overwritten and why we use MD5 to
look up avatar image URLs.

Fixes: fedora-infra#335

Signed-off-by: Nils Philippsen <nils@redhat.com>
@nphilipp nphilipp mentioned this issue Jan 27, 2021
Merged
nphilipp added a commit to nphilipp/noggin that referenced this issue Jan 27, 2021
@nphilipp
Justify use of # nosec
4eaa5b1 
Describe that password values are overwritten and why we use MD5 to
look up avatar image URLs.

Fixes: fedora-infra#335

Signed-off-by: Nils Philippsen <nils@redhat.com>
This was referenced Feb 1, 2021
Closed
Closed
ryanlerch pushed a commit that referenced this issue Feb 8, 2021
@nphilipp @ryanlerch
Justify use of # nosec
98575fd 
Describe that password values are overwritten and why we use MD5 to
look up avatar image URLs.

Fixes: #335

Signed-off-by: Nils Philippsen <nils@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nphilipp nphilipp

Labels
security Security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Justify use of # nosec nphilipp/noggin
2 participants
@nphilipp @puiterwijk