Message 396174 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	andrei.avk
Recipients	Ron Reiter, andrei.avk, christian.heimes, ned.deily, rhettinger, ronaldoussoren, serhiy.storchaka
Date	2021-06-20.14:48:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1624200533.69.0.905851090906.issue33213@roundup.psfhosted.org>
In-reply-to

Content
How about adding a check to `crypt.mksalt()`: if method and method not in methods: raise ValueError(f'method {method} is not supported') If a method is supplied to `crypt.crypt()`, mksalt() is called with it as an arg, so adding this check will take care of both paths: crypt(val, method) crypt(val, mksalt(method)) the only remaining issue is if an (improperly generated) salt is loaded from somewhere and used to call `crypt()`, but the check above fixes most of the issue. I can put up a PR if this sounds good.

How about adding a check to `crypt.mksalt()`:

if method and method not in methods:
    raise ValueError(f'method {method} is not supported')

If a method is supplied to `crypt.crypt()`, mksalt() is called with it as an arg, so adding this check will take care of both paths:
crypt(val, method)
crypt(val, mksalt(method))

the only remaining issue is if an (improperly generated) salt is loaded
from somewhere and used to call `crypt()`, but the check above fixes most of the issue.

I can put up a PR if this sounds good.

History
Date	User	Action	Args
2021-06-20 14:48:53	andrei.avk	set	recipients: + andrei.avk, rhettinger, ronaldoussoren, christian.heimes, ned.deily, serhiy.storchaka, Ron Reiter
2021-06-20 14:48:53	andrei.avk	set	messageid: <1624200533.69.0.905851090906.issue33213@roundup.psfhosted.org>
2021-06-20 14:48:53	andrei.avk	link	issue33213 messages
2021-06-20 14:48:53	andrei.avk	create