Wrong security hotspot detection in Python Flask

Template for a good new topic, formatted with Markdown:

  • ALM used: GitHub
  • CI system used: GitHub Actions
  • Languages of the repository: Python
  • Error observed:
    SonarCloud detects some security configuration in Python Flask (SECURITY_PASSWORD_HASH) as a potential password.
  • To reproduce: Create a Flask project and add SECURITY_PASSWORD_HASH as part of the configuration in python code. It sets the crypto algorithm used to hash passwords, so it’s basically safe.
  • Potential workaround: I could set the line as safe and be done with it, but I believe the community would benefit from an update of the scanner rules.

Thanks


Hi,

Thanks for this report. Could you provide a code snippet and/or a bit more context?

Thx,
Ann

Hello,

The line that’s marked for review:

    app.config["SECURITY_PASSWORD_HASH"] = "sha512_crypt"

Sonar detects it as a hardcoded password while it isn't.

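To make the distinction in this thread concrete, here is an added example (not code from the reporter, from SonarSource, or from the S2068 rule itself) of a small allowlist-based checker for `app.config[...] = "literal"` assignments. It treats `SECURITY_PASSWORD_HASH` as an algorithm selector (its value names a passlib scheme such as `sha512_crypt`, not a credential) and reports only keys that look like secrets and are assigned a string literal. The key-name hints, the regexes, and the sample source below are assumptions constructed for the example.

```python
import re
from typing import List, Tuple

# Config keys whose values select an algorithm or policy rather than hold a credential.
# Flask-Security's SECURITY_PASSWORD_HASH is one: its value is a passlib scheme name.
ALGORITHM_SELECTOR_KEYS = {"SECURITY_PASSWORD_HASH"}

# Key-name fragments that usually indicate a credential (heuristic chosen for this example).
CREDENTIAL_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")

# Matches `app.config["KEY"] = <value>` and captures the key and the right-hand side.
ASSIGN_RE = re.compile(
    r'''app\.config\[\s*["'](?P<key>[A-Z0-9_]+)["']\s*\]\s*=\s*(?P<value>.+)$'''
)
# A right-hand side that is a plain quoted string literal.
LITERAL_RE = re.compile(r'''^["'].*["']$''')


def find_hardcoded_credentials(source: str) -> List[Tuple[int, str]]:
    """Return (line number, config key) for credential-like keys assigned a literal.

    Keys in ALGORITHM_SELECTOR_KEYS are skipped even though their names contain
    'PASSWORD'; values taken from an expression (e.g. os.environ[...]) are skipped
    because they are not hardcoded.
    """
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = ASSIGN_RE.search(line.strip())
        if not match:
            continue
        key = match.group("key")
        value = match.group("value").strip()
        if not LITERAL_RE.match(value):
            continue  # value comes from an expression, not a literal
        if key in ALGORITHM_SELECTOR_KEYS:
            continue  # algorithm name, not a secret: the exception this thread asks for
        if any(hint in key for hint in CREDENTIAL_HINTS):
            findings.append((lineno, key))
    return findings


# Constructed sample: one selector (safe), one genuinely hardcoded salt (should be
# flagged), one secret loaded from the environment (not hardcoded), one unrelated key.
SAMPLE_SOURCE = """\
app = Flask(__name__)
app.config["SECURITY_PASSWORD_HASH"] = "sha512_crypt"
app.config["SECURITY_PASSWORD_SALT"] = "change-me-123"
app.config["SECRET_KEY"] = os.environ["SECRET_KEY"]
app.config["DEBUG"] = "False"
"""

if __name__ == "__main__":
    for lineno, key in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"line {lineno}: {key} is assigned a hardcoded literal")
```

Running it on the sample flags only line 3 (`SECURITY_PASSWORD_SALT`): the `SECURITY_PASSWORD_HASH` line from this thread passes because of the allowlist, and `SECRET_KEY` passes because its value is read from the environment rather than written in source.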

Hello @lachaib ,

Thanks for the report! I have created a ticket for it: [SONARPY-1061] Rule S2068: Add SECURITY_PASSWORD_HASH exception - SonarSource

