Remove comments indicating FP or TP

2026-04-08 15:29:45 +02:00
parent 16838618a3
commit 42cdf985ca
10 changed files with 113 additions and 168 deletions
--- a/src/security_demo/services/auth.py
+++ b/src/security_demo/services/auth.py
@@ -9,30 +9,28 @@ from typing import Optional
 class AuthenticationService:
    """Handle user authentication."""

-    # TP: Hardcoded JWT secret
    JWT_SECRET = "hardcoded_jwt_secret_key_2024"

-    # FP: Default for development only
    DEV_SECRET = "development_only_not_production"

    def hash_password_insecure(self, password: str) -> str:
-        """TP: MD5 for password hashing."""
+        """MD5 for password hashing."""
        return hashlib.md5(password.encode()).hexdigest()

    def generate_token_secure(self, user_id: int) -> str:
-        """FP: Secrets module for token generation."""
+        """Secrets module for token generation."""
        token = secrets.token_urlsafe(32)
        return f"{user_id}:{token}"

    def verify_webhook_signature(self, payload: bytes, signature: str) -> bool:
-        """FP: HMAC verification is secure."""
+        """HMAC verification is secure."""
        expected = hmac.new(
            self.JWT_SECRET.encode(), payload, hashlib.sha256
        ).hexdigest()
        return hmac.compare_digest(expected, signature)

    def verify_webhook_insecure(self, payload: bytes, signature: str) -> bool:
-        """TP: Using == for signature comparison (timing attack)."""
+        """Using == for signature comparison (timing attack)."""
        expected = hmac.new(
            self.JWT_SECRET.encode(), payload, hashlib.sha256
        ).hexdigest()
--- a/src/security_demo/services/files.py
+++ b/src/security_demo/services/files.py
@@ -11,32 +11,32 @@ class FileService:
    """Handle file operations."""

    def load_pickle_user_path(self, filepath: str) -> Any:
-        """TP: Pickle from user-controlled path."""
+        """Pickle from user-controlled path."""
        with open(filepath, "rb") as f:
            return pickle.load(f)

    def load_pickle_fixed_path(self) -> Any:
-        """FP: Pickle from known internal path."""
+        """Pickle from known internal path."""
        with open("/etc/app/cache.pkl", "rb") as f:
            return pickle.load(f)

    def save_temp_insecure(self, data: bytes) -> str:
-        """TP: Predictable temp file."""
+        """Predictable temp file."""
        filepath = f"/tmp/data_{os.getpid()}.dat"
        with open(filepath, "wb") as f:
            f.write(data)
        return filepath

    def save_temp_secure(self, data: bytes) -> str:
-        """FP: Secure temp file creation."""
+        """Secure temp file creation."""
        with tempfile.NamedTemporaryFile(delete=False) as f:
            f.write(data)
            return f.name

    def load_yaml_unsafe(self, yaml_string: str) -> Any:
-        """TP: Unsafe YAML loader."""
+        """Unsafe YAML loader."""
        return yaml.load(yaml_string, Loader=yaml.Loader)

    def load_yaml_safe(self, yaml_string: str) -> Any:
-        """FP: SafeLoader is secure."""
+        """SafeLoader is secure."""
        return yaml.safe_load(yaml_string)