Fix false positives for pyCrypto

This patch set fixes an issue where modules whose names begin with
the string ``Crypto`` are incorrectly flagged as pyCrypto imports.  The
fix now explicitly lists the pyCrypto modules one sub-level down to
avoid the false positives.

Change-Id: Iafd3fae2fc7a13a0a93800ee570c4e1354be1391
Closes-Bug: #1749603
Signed-off-by: Tin Lam <tin@irrational.io>
Tin Lam 2018-02-18 00:36:37 -06:00
parent 6fd7fccf70
commit 91a796b805
2 changed files with 20 additions and 2 deletions


@ -189,7 +189,14 @@ library.
+------+---------------------+------------------------------------+-----------+
| ID | Name | Imports | Severity |
+======+=====================+====================================+===========+
| B413 | import_pycrypto | - Crypto | high |
| B413 | import_pycrypto | - Crypto.Cipher | high |
| | | - Crypto.Hash | |
| | | - Crypto.IO | |
| | | - Crypto.Protocol | |
| | | - Crypto.PublicKey | |
| | | - Crypto.Random | |
| | | - Crypto.Signature | |
| | | - Crypto.Util | |
+------+---------------------+------------------------------------+-----------+
"""
@ -282,7 +289,15 @@ def gen_blacklist():
))
sets.append(utils.build_conf_dict(
'import_pycrypto', 'B413', ['Crypto'],
'import_pycrypto', 'B413',
['Crypto.Cipher',
'Crypto.Hash',
'Crypto.IO',
'Crypto.Protocol',
'Crypto.PublicKey',
'Crypto.Random',
'Crypto.Signature',
'Crypto.Util'],
'The pyCrypto library and its module {name} are no longer actively '
'maintained and have been deprecated. '
'Consider using pyca/cryptography library.', 'HIGH'))
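Review bot: Replacing the single `'Crypto'` entry with eight submodule names in `gen_blacklist()` narrows what B413 can match: a bare `import Crypto` or `from Crypto import *` no longer corresponds to any listed name, so a file that pulls in pyCrypto that way may pass unreported. The matching logic is outside this hunk, so this should be confirmed with an example case rather than assumed. If the matcher compares by string prefix, as the commit message suggests, a name such as `Crypto.Utilities` (constructed example) would also still hit `Crypto.Util`; comparing on dotted-name boundaries would address both. At minimum I would record the trade-off above the list, e.g. `# Submodules are listed explicitly so names that merely start with "Crypto" are not flagged; a bare "import Crypto" is not matched.` The same eight names are repeated in the docstring table of the first hunk and need to stay in sync with this list.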


@ -1,8 +1,11 @@
from Crypto.Cipher import AES
from Crypto import Random
from . import CryptoMaterialsCacheEntry
def test_pycrypto():
key = b'Sixteen byte key'
iv = Random.new().read(AES.block_size)
cipher = pycrypto_arc2.new(key, AES.MODE_CFB, iv)
factory = CryptoMaterialsCacheEntry()
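Review bot: The example now mixes lines that must be flagged (`from Crypto.Cipher import AES`, `from Crypto import Random`) with one that must not (`from . import CryptoMaterialsCacheEntry`), but nothing in the file says which is which. A short comment on the new import, e.g. `# not pyCrypto: a local name that only starts with "Crypto" must not trigger B413`, would keep the regression case from being tidied away later. The expected issue counts live in a test outside this page, so whether they still pin exactly two findings for this file cannot be checked from here. An absolute-import negative case such as `import CryptoMaterialsCache` (constructed name) would cover the other form of the false positive described in the commit message.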