Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove filterwarnings for RemovedInDjango50Warning #9500

Merged
merged 2 commits into from
Feb 28, 2024

Remove CryptPasswordHasher from PASSWORD_HASHERS

9496f0c
Select commit
Loading
Failed to load commit list.
Merged

Remove filterwarnings for RemovedInDjango50Warning #9500

Remove CryptPasswordHasher from PASSWORD_HASHERS
9496f0c
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Sensitive Functions Analyzer succeeded Feb 27, 2024 in 0s

DryRun Security

Details

Potentially Sensitive Functions: 5 detected

⚠️ Sensitive Function dojo/settings/settings.dist.py (click for details)
Type Sensitive Function
Description The function is involved in generating URLs, which can be a sensitive operation if user data is involved.
File Name dojo/settings/settings.dist.py
Function Name generate_url
Code Link

django-DefectDojo/dojo/settings/settings.dist.py

Lines 490 to 495 in 9496f0c

'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
]
SOCIAL_AUTH_PIPELINE = (
⚠️ Sensitive Function dojo/settings/settings.dist.py (click for details)
Type Sensitive Function
Description This function is involved in hashing passwords, which is a sensitive operation.
File Name dojo/settings/settings.dist.py
Function Name MD5PasswordHasher
Code Link

django-DefectDojo/dojo/settings/settings.dist.py

Lines 490 to 495 in 9496f0c

'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
]
SOCIAL_AUTH_PIPELINE = (
⚠️ Sensitive Function dojo/settings/settings.dist.py (click for details)
Type Sensitive Function
Description This function is involved in hashing passwords without a salt, which is a sensitive and potentially insecure operation.
File Name dojo/settings/settings.dist.py
Function Name UnsaltedSHA1PasswordHasher
Code Link

django-DefectDojo/dojo/settings/settings.dist.py

Lines 490 to 495 in 9496f0c

'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
]
SOCIAL_AUTH_PIPELINE = (
⚠️ Sensitive Function dojo/settings/settings.dist.py (click for details)
Type Sensitive Function
Description This function is involved in hashing passwords without a salt, which is a sensitive and potentially insecure operation.
File Name dojo/settings/settings.dist.py
Function Name UnsaltedMD5PasswordHasher
Code Link

django-DefectDojo/dojo/settings/settings.dist.py

Lines 490 to 495 in 9496f0c

'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
]
SOCIAL_AUTH_PIPELINE = (
⚠️ Sensitive Function dojo/settings/settings.dist.py (click for details)
Type Sensitive Function
Description This function is involved in hashing passwords, which is a sensitive operation. Its removal from the code could affect the security of the application.
File Name dojo/settings/settings.dist.py
Function Name CryptPasswordHasher
Code Link

django-DefectDojo/dojo/settings/settings.dist.py

Lines 490 to 495 in 9496f0c

'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
]
SOCIAL_AUTH_PIPELINE = (
View more details on DryRunSecurity