From 92309d79fdd4bd57a2d0d9fb59ef460271f49331 Mon Sep 17 00:00:00 2001 From: Simon Fayer Date: Tue, 2 Jun 2026 11:35:30 +0100 Subject: [PATCH] fix: Check for hardcoded passwords --- src/DIRAC/Core/DISET/TransferClient.py | 10 +++++----- src/DIRAC/Core/Utilities/MySQL.py | 2 +- .../private/authorization/utils/Tokens.py | 4 ++-- .../Service/TornadoSandboxStoreHandler.py | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/DIRAC/Core/DISET/TransferClient.py b/src/DIRAC/Core/DISET/TransferClient.py index b9a37623950..ce52269c88a 100755 --- a/src/DIRAC/Core/DISET/TransferClient.py +++ b/src/DIRAC/Core/DISET/TransferClient.py @@ -40,7 +40,7 @@ def _sendTransferHeader(self, actionName, fileInfo): self._disconnect(trid) return S_ERROR(f"Cound not request transfer: {str(e)}") - def sendFile(self, filename, fileId, token=""): + def sendFile(self, filename, fileId, token=""): # nosec B107 """ Send a file to server @@ -74,7 +74,7 @@ def sendFile(self, filename, fileId, token=""): fileHelper.oFile.close() self._disconnect(trid) - def receiveFile(self, filename, fileId, token=""): + def receiveFile(self, filename, fileId, token=""): # nosec B107 """ Receive a file from the server @@ -117,7 +117,7 @@ def __checkFileList(self, fileList): bogusEntries.append(entry) return bogusEntries - def sendBulk(self, fileList, bulkId, token="", compress=True, bulkSize=-1, onthefly=True): + def sendBulk(self, fileList, bulkId, token="", compress=True, bulkSize=-1, onthefly=True): # nosec B107 """ Send a bulk of files to server @@ -154,7 +154,7 @@ def sendBulk(self, fileList, bulkId, token="", compress=True, bulkSize=-1, onthe finally: self._disconnect(trid) - def receiveBulk(self, destDir, bulkId, token="", compress=True): + def receiveBulk(self, destDir, bulkId, token="", compress=True): # nosec B107 """ Receive a bulk of files from server @@ -188,7 +188,7 @@ def receiveBulk(self, destDir, bulkId, token="", compress=True): finally: self._disconnect(trid) - def listBulk(self, bulkId, token="", compress=True): + def listBulk(self, bulkId, token="", compress=True): # nosec B107 """ List the contents of a bulk diff --git a/src/DIRAC/Core/Utilities/MySQL.py b/src/DIRAC/Core/Utilities/MySQL.py index 683d25f4251..d1a398c2889 100755 --- a/src/DIRAC/Core/Utilities/MySQL.py +++ b/src/DIRAC/Core/Utilities/MySQL.py @@ -506,7 +506,7 @@ class MySQL: __connectionPools = {} - def __init__(self, hostName="localhost", userName="dirac", passwd="dirac", dbName="", port=3306, debug=False): + def __init__(self, hostName="localhost", userName="dirac", passwd=None, dbName="", port=3306, debug=False): """ set MySQL connection parameters and try to connect diff --git a/src/DIRAC/FrameworkSystem/private/authorization/utils/Tokens.py b/src/DIRAC/FrameworkSystem/private/authorization/utils/Tokens.py index 498249f0653..3e12aa2cee3 100644 --- a/src/DIRAC/FrameworkSystem/private/authorization/utils/Tokens.py +++ b/src/DIRAC/FrameworkSystem/private/authorization/utils/Tokens.py @@ -182,7 +182,7 @@ def groups(self): """ return [s.split(":")[1] for s in self.scopes if s.startswith("g:") and s.split(":")[1]] - def get_payload(self, token_type="access_token"): + def get_payload(self, token_type="access_token"): # nosec B107 """Decode token :param str token_type: token type @@ -196,7 +196,7 @@ def get_payload(self, token_type="access_token"): options=dict(verify_signature=False, verify_exp=False, verify_aud=False, verify_nbf=False), ) - def get_claim(self, claim, token_type="access_token"): + def get_claim(self, claim, token_type="access_token"): # nosec B107 """Get token claim without verification :param str attr: attribute diff --git a/src/DIRAC/WorkloadManagementSystem/Service/TornadoSandboxStoreHandler.py b/src/DIRAC/WorkloadManagementSystem/Service/TornadoSandboxStoreHandler.py index 439d6a0d193..602dc68bedd 100644 --- a/src/DIRAC/WorkloadManagementSystem/Service/TornadoSandboxStoreHandler.py +++ b/src/DIRAC/WorkloadManagementSystem/Service/TornadoSandboxStoreHandler.py @@ -20,5 +20,5 @@ def initializeRequest(self): def export_streamFromClient(self, fileId, token, fileSize, data): return self._getFromClient(fileId, token, fileSize, data=data) - def export_streamToClient(self, fileId, token=""): + def export_streamToClient(self, fileId, token=""): # nosec B107 return self._sendToClient(fileId, token, raw=True)