do not skip B303 globally, but locally

Dazu-io · Dec 9, 2020 · 9a8197c · 9a8197c
1 parent 2608a3f
commit 9a8197c
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 5 deletions.
diff --git a/bandit.yml b/bandit.yml
@@ -1,5 +1,4 @@
 # B322: checks for `input()` which is unsafe in Python 2, but safe in Python 3.
 # B104: checks for binding 0.0.0.0 interface, which should be fine for containers.
 # B301: checks for pickle usage, which is a necessary evil.
-# B303: checks for insecure hash functions like md5, which is good enough for current use cases.
-skips: ['B322', 'B104', 'B301', 'B303']
+skips: ['B322', 'B104', 'B301']
diff --git a/rasa/core/utils.py b/rasa/core/utils.py
@@ -124,7 +124,7 @@ def __init__(self, wrapped, tight=False) -> None:
 
         self.__tight = tight
         self.__wrapped = np.array(wrapped) if tight else wrapped
-        self.__hash = int(sha1(wrapped.view()).hexdigest(), 16)
+        self.__hash = int(sha1(wrapped.view()).hexdigest(), 16)  # nosec
 
     def __eq__(self, other) -> bool:
         return np.all(self.__wrapped == other.__wrapped)
@@ -266,7 +266,7 @@ def convert_bytes_to_string(data: Union[bytes, bytearray, Text]) -> Text:
 
 def get_file_hash(path: Text) -> Text:
     """Calculate the md5 hash of a file."""
-    return md5(file_as_bytes(path)).hexdigest()
+    return md5(file_as_bytes(path)).hexdigest()  # nosec
 
 
 async def download_file_from_url(url: Text) -> Text:

diff --git a/rasa/shared/utils/io.py b/rasa/shared/utils/io.py
@@ -265,7 +265,7 @@ def get_list_fingerprint(
 
 def get_text_hash(text: Text, encoding: Text = DEFAULT_ENCODING) -> Text:
     """Calculate the md5 hash for a text."""
-    return md5(text.encode(encoding)).hexdigest()
+    return md5(text.encode(encoding)).hexdigest()  # nosec
 
 
 def json_to_string(obj: Any, **kwargs: Any) -> Text: