This is a built-in flag that affirms the code is not using md5 for security-related purposes. In my code's case, I'm manually calculating a checksum as required by the AWS S3 API.
Good catch! Would you be interested in submitting a PR to fix this?
The hashlib linter lives in bad_hashlib_use.py. This could be fixed by switching BadHashlibUseLinter to inherit from BadKwargUseLinter instead of BadModuleAttributeUseLinter. From there, you could create a missing_or_true predicate to only catch instances of the function call where the usedforsecurity kwarg is missing (defaults to True), or explicitly set to True. Similar to bad_onelogin_kwarg_use.py.
Fortunately this solution is backwards compatible with pre-3.9 versions of Python since we're still flagging the usedforsecurity missing case 👍
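A sketch of the "missing or true" check described in the comment above, as an added example that is not the project's linter code or part of the original thread. It uses only Python's standard `ast` module; `find_flagged_calls` and `WEAK_HASHES` are hypothetical names, the `missing_or_true` body is an assumed implementation of the predicate named above, and treating a non-literal `usedforsecurity` value as still flagged is a conservative assumption.

```python
import ast

WEAK_HASHES = {"md5"}  # assumption: only md5, the algorithm named in this thread


def missing_or_true(call: ast.Call, kwarg: str = "usedforsecurity") -> bool:
    """True when the kwarg is absent (defaults to True) or not a literal False."""
    for kw in call.keywords:
        if kw.arg == kwarg:
            value = kw.value
            # Only a literal False counts as an explicit opt-out; a variable
            # or expression cannot be proven False statically, so it is flagged.
            return not (isinstance(value, ast.Constant) and value.value is False)
    return True


def find_flagged_calls(source: str) -> list[int]:
    """Return line numbers of hashlib.md5(...) calls that should still be flagged."""
    flagged = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in WEAK_HASHES
                and isinstance(func.value, ast.Name) and func.value.id == "hashlib"
                and missing_or_true(node)):
            flagged.append(node.lineno)
    return sorted(flagged)


# Constructed sample input, not taken from the issue.
SAMPLE = '''\
import hashlib
a = hashlib.md5(data)
b = hashlib.md5(data, usedforsecurity=True)
c = hashlib.md5(data, usedforsecurity=False)
d = hashlib.md5(data, usedforsecurity=flag)
e = hashlib.sha256(data)
'''

if __name__ == "__main__":
    print(find_flagged_calls(SAMPLE))
```

Only the call on sample line 4, with a literal `usedforsecurity=False`, is exempted; code written for pre-3.9 Python cannot pass the kwarg and therefore stays flagged, which is the backwards-compatible behaviour noted above.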