mirror of
https://github.com/AstrBotDevs/AstrBot
synced 2026-07-19 18:47:41 +08:00
Potential fix for code scanning alert no. 45: Use of a broken or weak cryptographic hashing algorithm on sensitive data
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
@@ -11,9 +11,6 @@ from astrbot.core.utils.astrbot_path import astrbot_paths
|
||||
|
||||
from ..utils import check_astrbot_root
|
||||
|
||||
# Default dashboard password (used for initial configuration only).
|
||||
DEFAULT_DASHBOARD_PASSWORD = "astrbot"
|
||||
|
||||
# Parameters for secure dashboard password hashing.
|
||||
# Note: In a full implementation, salts should be unique per password.
|
||||
DASHBOARD_PASSWORD_SALT = b"astrbot-dashboard"
|
||||
@@ -24,11 +21,6 @@ PASSWORD_HASHER = PasswordHasher()
|
||||
def hash_dashboard_password_secure(value: str) -> str:
|
||||
"""Hash Dashboard password for storage.
|
||||
"sha256",
|
||||
Uses Argon2 for new passwords to provide a computationally expensive,
|
||||
salted hash suitable for password storage.
|
||||
"""
|
||||
return PASSWORD_HASHER.hash(value)
|
||||
value.encode(),
|
||||
|
||||
DASHBOARD_PASSWORD_SALT,
|
||||
DASHBOARD_PASSWORD_ITERATIONS,
|
||||
|
||||
Reference in New Issue
Block a user