Remove term ‘blacklist’ from codebase

‘Commonly used passwords’ is more specific, and avoids the terminology
‘blacklist’ which the National Cyber Security Centre explain to be
problematic:

> It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use.
>
> However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will
> avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps.

– https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
This commit is contained in:
Chris Hill-Scott
2020-06-16 18:04:29 +01:00
parent 5952d9c26d
commit 972ba9e3da
4 changed files with 8 additions and 8 deletions

View File

@@ -1,4 +1,4 @@
blacklisted_passwords = [
commonly_used_passwords = [
'govuknotify',
'GOVUKnotify',
'GOV.UK Notify',

View File

@@ -41,7 +41,7 @@ from wtforms.widgets import CheckboxInput, ListWidget
from app import format_thousands
from app.main.validators import (
Blacklist,
CommonlyUsedPassword,
CsvFileValidator,
DoesNotStartWithDoubleZero,
LettersNumbersFullStopsAndUnderscoresOnly,
@@ -184,7 +184,7 @@ def password(label='Password'):
return PasswordField(label,
validators=[DataRequired(message='Cannot be empty'),
Length(8, 255, message='Must be at least 8 characters'),
Blacklist(message='Choose a password thats harder to guess')])
CommonlyUsedPassword(message='Choose a password thats harder to guess')])
class SMSCode(StringField):

View File

@@ -9,18 +9,18 @@ from notifications_utils.recipients import (
from notifications_utils.sanitise_text import SanitiseSMS
from wtforms import ValidationError
from app.main._blacklisted_passwords import blacklisted_passwords
from app.main._commonly_used_passwords import commonly_used_passwords
from app.utils import Spreadsheet, is_gov_user
class Blacklist:
class CommonlyUsedPassword:
def __init__(self, message=None):
if not message:
message = 'Password is blacklisted.'
message = 'Password is in list of commonly used passwords.'
self.message = message
def __call__(self, form, field):
if field.data in blacklisted_passwords:
if field.data in commonly_used_passwords:
raise ValidationError(self.message)

View File

@@ -150,7 +150,7 @@ def test_should_add_user_details_to_session(
assert session['user_details']['email'] == email_address
def test_should_return_200_if_password_is_blacklisted(
def test_should_return_200_if_password_is_on_list_of_commonly_used_passwords(
client,
mock_get_user_by_email,
mock_login,