Remove FP/TP identifiers and rename methods and variables

src/security_demo/database.py

@@ -1,10 +1,4 @@
-"""Database module - streamlined version.
-
-FINDING CLASSIFICATIONS:
-- TRUE POSITIVE (TP): Actual security vulnerability
-- FALSE POSITIVE (FP): Flagged but not a real issue in context
-- UNCERTAIN: Could be either depending on deployment context
-"""
+"""Database module."""
 
 import hashlib
 import hmac
@@ -16,32 +10,28 @@ from sqlalchemy.orm import sessionmaker
 
 
 class DatabaseManager:
-    """Database operations with SQL patterns."""
+    """Database operations."""
 
     def __init__(self, db_url: str = "sqlite:///app.db"):
         self.engine = create_engine(db_url)
         self.Session = sessionmaker(bind=self.engine)
 
-    # =========================================================================
-    # SQL INJECTION PATTERNS
-    # =========================================================================
-
-    def find_by_username_unsafe(self, username: str) -> Optional[dict]:
-        """TP: SQL injection via string formatting."""
+    def find_by_username_fstring(self, username: str) -> Optional[dict]:
+        """Look up a single user record by username."""
         session = self.Session()
         query = f"SELECT * FROM users WHERE username = '{username}'"
         result = session.execute(text(query))
         return result.fetchone()
 
-    def search_users_unsafe(self, search_term: str) -> List[dict]:
-        """TP: SQL injection in LIKE clause."""
+    def search_users_fstring(self, search_term: str) -> List[dict]:
+        """Search for users by partial username match."""
         session = self.Session()
         query = f"SELECT * FROM users WHERE username LIKE '%{search_term}%'"
         result = session.execute(text(query))
         return result.fetchall()
 
-    def find_by_id_safe(self, user_id: int) -> Optional[dict]:
-        """FP: Parameterized query is safe."""
+    def find_by_id_param(self, user_id: int) -> Optional[dict]:
+        """Look up a single user record by id."""
         session = self.Session()
         result = session.execute(
             text("SELECT * FROM users WHERE id = :id"), {"id": user_id}
@@ -49,7 +39,7 @@ class DatabaseManager:
         return result.fetchone()
 
     def dynamic_column_sort(self, column: str, order: str = "ASC") -> List[dict]:
-        """UNCERTAIN: Column name from allowlist but still uses f-string."""
+        """Return users sorted by an allowlisted column name."""
         allowed_columns = ["username", "email", "created_at"]
         if column not in allowed_columns:
             raise ValueError("Invalid column")
@@ -60,18 +50,18 @@ class DatabaseManager:
 
 
 class PasswordManager:
-    """Password hashing patterns."""
+    """Password hashing."""
 
     def hash_password_md5(self, password: str) -> str:
-        """TP: MD5 is cryptographically broken for passwords."""
+        """Compute an MD5 hex digest of a password."""
         return hashlib.md5(password.encode()).hexdigest()
 
     def hash_password_sha1(self, password: str) -> str:
-        """TP: SHA1 is weak for password hashing."""
+        """Compute a SHA1 hex digest of a password."""
         return hashlib.sha1(password.encode()).hexdigest()
 
     def compute_file_checksum_md5(self, filepath: str) -> str:
-        """FP: MD5 acceptable for file integrity (non-security)."""
+        """Compute an MD5 checksum for a file."""
         hasher = hashlib.md5(usedforsecurity=False)
         with open(filepath, "rb") as f:
             for chunk in iter(lambda: f.read(4096), b""):
@@ -81,12 +71,12 @@ class PasswordManager:
     def verify_signature_sha256(
         self, message: bytes, signature: str, key: bytes
     ) -> bool:
-        """FP: HMAC-SHA256 for signatures is secure."""
+        """Verify an HMAC-SHA256 signature."""
         expected = hmac.new(key, message, hashlib.sha256).hexdigest()
         return hmac.compare_digest(expected, signature)
 
     def hash_password_pbkdf2(self, password: str) -> tuple:
-        """FP: PBKDF2 is a proper password hash."""
+        """Derive a PBKDF2 password hash."""
         salt = secrets.token_bytes(32)
         key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600000)
         return key.hex(), salt.hex()