This repository has been archived by the owner on Oct 6, 2020. It is now read-only.

Add linter for detecting itsdangerous use with none algorithm #36

Closed

mschwager opened this issue Dec 5, 2019 · 0 comments

Collaborator

mschwager commented Dec 5, 2019

Various itsdangerous classes take an algorithm argument that can lead to empty signatures. E.g.

Signer -> algorithm -> signer.NoneAlgorithm
TimestampSigner -> algorithm -> signer.NoneAlgorithm
JSONWebSignatureSerializer -> algorithm_name -> "none"

Let's check these class kwargs.

The text was updated successfully, but these errors were encountered:

mschwager closed this as completed in

663c01f

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.