Describe the bug
We have an access token class that wraps a token string and its type.
```python
# BaseModel is assumed to be pydantic's BaseModel.
from pydantic import BaseModel


class AccessToken(BaseModel):
    """
    Wrapper of the access token.
    """
    token: str
    token_type: str
```
For the moment we only support the `Bearer` type. Creating a token with a hard-coded type raises a hardcoded password issue.
Test results:
```
>> Issue: [B106:hardcoded_password_funcarg] Possible hardcoded password: 'Bearer'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   Location: whist/server/api/user/auth.py:38:11
   More Info: https://bandit.readthedocs.io/en/1.7.3/plugins/b106_hardcoded_password_funcarg.html
37      token = create_access_token(token_request)
38      return AccessToken(token=token, token_type='Bearer')
--------------------------------------------------
Code scanned:
    Total lines of code: 925
    Total lines skipped (#nosec): 0
    Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 1
        Medium: 0
        High: 0
    Total issues (by confidence):
        Undefined: 0
        Low: 0
        Medium: 1
        High: 0
Files skipped (0):
```
Reproduction steps
1. Create a token from the above class with `AccessToken(token=token, token_type='Bearer')` where `token` is the actual token string.
Expected behavior
In my opinion this should not be raised, as it is a token type and not a password.
Bandit version
1.7.3 (Default)
Python version
3.10 (Default)
Additional context
This has also been reproduced with Python 3.9.
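An added illustration, not part of the original report and not Bandit's own code: a simplified name-based check in the style of B106, showing that the finding is driven by the keyword name `token_type` rather than by the value `'Bearer'`. The word list in `SENSITIVE`, the function name and the sample source are assumptions constructed for this example.

```python
import ast
import re

# Assumed word list for illustration; Bandit's real pattern may differ.
SENSITIVE = re.compile(
    r"(^|_)(password|passwd|pwd|secret|token)(_|$)", re.IGNORECASE
)

# Constructed sample: the call from the report plus two contrasting calls.
SAMPLE = '''
def login(token_request):
    token = create_access_token(token_request)
    return AccessToken(token=token, token_type='Bearer')

connect(host="db", password="hunter2")
connect(host="db", password=read_secret())
'''


def find_hardcoded_kwargs(source):
    """Return sorted (line, keyword, literal) tuples for every call that
    passes a string literal to a credential-looking keyword argument."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg is None:  # **kwargs expansion carries no name
                continue
            value = kw.value
            # Only the keyword *name* and the fact that the value is a
            # string literal are examined; the literal's content is not.
            if (SENSITIVE.search(kw.arg)
                    and isinstance(value, ast.Constant)
                    and isinstance(value.value, str)):
                findings.append((value.lineno, kw.arg, value.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, name, literal in find_hardcoded_kwargs(SAMPLE):
        print(f"line {line}: {name}={literal!r}")
```

`token=token` and `password=read_secret()` are not reported because their values are not string literals, while `token_type='Bearer'` is reported purely because the argument name contains `token`.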