Message396174
How about adding a check to `crypt.mksalt()`:
if method and method not in methods:
raise ValueError(f'method {method} is not supported')
If a method is supplied to `crypt.crypt()`, mksalt() is called with it as an arg, so adding this check will take care of both paths:
crypt(val, method)
crypt(val, mksalt(method))
the only remaining issue is if an (improperly generated) salt is loaded
from somewhere and used to call `crypt()`, but the check above fixes most of the issue.
I can put up a PR if this sounds good. |
|
Date |
User |
Action |
Args |
2021-06-20 14:48:53 | andrei.avk | set | recipients:
+ andrei.avk, rhettinger, ronaldoussoren, christian.heimes, ned.deily, serhiy.storchaka, Ron Reiter |
2021-06-20 14:48:53 | andrei.avk | set | messageid: <1624200533.69.0.905851090906.issue33213@roundup.psfhosted.org> |
2021-06-20 14:48:53 | andrei.avk | link | issue33213 messages |
2021-06-20 14:48:53 | andrei.avk | create | |
|