API token hashing uses HMAC-SHA256 on high-entropy tokens (256-bit random), not passwords. Actual password hashing uses bcrypt.
9 lines
369 B
YAML
name: "WireGUI CodeQL config"

query-filters:
  # API token hashing uses HMAC-SHA256 which is appropriate for high-entropy
  # tokens (256-bit random). Actual password hashing uses bcrypt.
  # CodeQL flags any SHA-family hash as "weak for password hashing" but this
  # rule is not applicable to API token lookups.
  - exclude:
      id: py/weak-sensitive-data-hashing
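The token scheme the config comments describe, sketched as an added example (not WireGUI's own code): a 256-bit random token is stored only as a keyed HMAC-SHA256 digest, which is deterministic and so can serve as a lookup key, something a salted bcrypt hash cannot do. The names `SERVER_KEY`, `TokenStore`, `new_token` and `token_digest` are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Assumption: a server-side HMAC key kept outside the database.
# Generated at import time here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)


def new_token() -> str:
    """Return a 256-bit random API token (64 hex chars), shown to the user once."""
    return secrets.token_hex(32)


def token_digest(token: str, key: bytes = SERVER_KEY) -> str:
    """Deterministic HMAC-SHA256 digest: the only form of the token that is stored."""
    return hmac.new(key, token.encode("utf-8"), hashlib.sha256).hexdigest()


class TokenStore:
    """Hypothetical in-memory stand-in for a table indexed by token digest."""

    def __init__(self) -> None:
        self._by_digest: Dict[str, str] = {}

    def issue(self, owner: str) -> str:
        token = new_token()
        # Store the digest only; a leaked table does not reveal usable tokens.
        self._by_digest[token_digest(token)] = owner
        return token

    def authenticate(self, presented: str) -> Optional[str]:
        # Same token and key always give the same digest, so one indexed
        # lookup finds the row. With a per-row salt (as bcrypt uses) every
        # stored hash would have to be checked in turn.
        return self._by_digest.get(token_digest(presented))

    def revoke(self, presented: str) -> bool:
        """Remove a token; returns False if it was not known."""
        return self._by_digest.pop(token_digest(presented), None) is not None
```

The fast hash is acceptable here only because the input has 256 bits of entropy; the `exclude` filter removes the query from the whole analysis, so password handling elsewhere in the code base is no longer checked by it.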