from User import User
from Password import Password
import hashlib
import os
import bcrypt

# Demo script. Judging by the notes below, the hard-coded values are meant as
# sample findings for static analysers (Sonar, bandit), not as a usage pattern.

#Example to trigger a sonar vulnerability
#import socket
#ip = '127.0.0.1'
#sock = socket.socket()
#sock.bind((ip, 9090))

#Hari gajmer developer
#typical bandit findings
#>>> bandit -r <folder>

#deprecated md5 will not be found by sonar...
# NOTE(review): no md5 call follows in this listing; hashlib is imported but
# unused in the visible lines, so the comment above looks like a leftover from
# an md5-based variant of the script. Confirm.

# Reads the environment variable literally named "123_x&5s". The result is
# rebound two statements below before anything reads it.
password = os.getenv("123_x&5s")
# bcrypt hash of a hard-coded byte string with a freshly generated salt.
# hash_object is not read again in the visible code.
hash_object = bcrypt.hashpw((b'123_x32&'), bcrypt.gensalt())
# Literal credential in source. "******" may be a masking artefact of the page
# rather than the real literal. Either way a secret committed to a repository
# stays in its history and has to be rotated, not just deleted.
password = "******".encode()
user1 = User()
user1.set_name("Bert")
p = Password()
# Hash through the project's Password helper and hand the hash, not the
# plaintext, to the user object.
hashed_password = p.hash_password(password)
user1.set_password(hashed_password)
# Read the stored value back and verify the plaintext against it.
hashed_password = user1.get_password()
# NOTE(review): any return value of hash_check is discarded here, so a failed
# verification would go unnoticed in this script.
p.hash_check(password, hashed_password)
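def test_hash_password_hash_check(self):
    """Hash ``self.password`` and check that the same password verifies.

    Only the accepting path of ``Password.hash_check`` is exercised.
    """
    hashed_pwd = Password.hash_password(self.password)
    # assertTrue(expr, msg): the second argument is the failure message, not
    # an expected value. The original ``(True)`` therefore only produced the
    # message "True" on failure. The message below leaves the password value
    # out on purpose so that it never lands in test logs.
    self.assertTrue(
        Password.hash_check(self.password, hashed_pwd),
        "hash_check rejected the password that produced the hash",
    )
    # NOTE(review): the rejecting path is not covered. A different password
    # checked against hashed_pwd should yield a falsy result.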
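def test_password(self):
    """Round-trip ``self.password`` through hash_password and hash_check.

    Passes when the freshly produced hash verifies against the password it
    was derived from.
    """
    user_hash_pwd = Password.hash_password(self.password)
    verified = Password.hash_check(self.password, user_hash_pwd)
    # The second argument of assertTrue is the failure message. The original
    # passed ``(True)`` there, which reads like an expected value but is only
    # printed when the assertion fails. The password itself is kept out of
    # the message so it does not appear in test output.
    self.assertTrue(verified, "password did not verify against its own hash")
    # NOTE(review): consider a companion assertion that a non-matching
    # password is rejected. This test proves acceptance only.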
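#deprecated md5 will not be found by sonar...
# NOTE(review): the three assignments below read as deliberate static-analysis
# samples (literal credentials, MD5). None of the values is used afterwards:
# password is rebound by the prompt loop before its first read, and
# hash_object is never read in the visible code. MD5 is a fast, unsalted
# digest and is not suitable for storing passwords. "******" may be a masking
# artefact of the page rather than the real literal.
password = "******"
hash_object = hashlib.md5(b'123_x32&')
password = b"bobo"

user1 = User()
user1.set_name("Bert")
p = Password()

# Keep prompting until a password has been hashed, stored and verified.
isSuccess = False
while not isSuccess:
    # The prompt statement was garbled on the page ("******" spliced into the
    # call, leaving invalid syntax). Restored as a same-line prompt; confirm
    # against the repository.
    print("Enter new password: ", end="")
    # NOTE(review): input() echoes the typed password on the terminal.
    # getpass.getpass() is the standard-library call that reads without echo.
    password = input()
    try:
        # NOTE(review): `in` is a case-sensitive substring test, so a password
        # containing the name in another case (for example "bert") passes.
        if user1.get_name() in password:
            raise ValueError("Password must not contain the username")
        # A ValueError raised by hash_password is reported by the handler
        # below in the same way as the username check.
        hashed_password = p.hash_password(password)
    except ValueError as e:
        print("Password did not match common complexity criteria")
        print(e)
    else:
        user1.set_password(hashed_password)
        # Verify against the value read back from the user object rather than
        # the local variable, so the stored hash is what gets checked.
        hashed_password = user1.get_password()
        isSuccess = p.hash_check(password, hashed_password)

# Reached once hash_check has reported success. The placement after the loop
# is reconstructed from a collapsed listing; confirm.
print("New password successfully set.")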