Fix false positives for pyCrypto
This patch set fixes an issue where modules whose names begin with string ``Crypto`` are incorrectly flagged for pyCrypto imports. The fix will now explicitly calls out pyCrypto module one sub-level to avoid the false positives. Change-Id: Iafd3fae2fc7a13a0a93800ee570c4e1354be1391 Closes-Bug: #1749603 Signed-off-by: Tin Lam <tin@irrational.io>
This commit is contained in:
parent
6fd7fccf70
commit
91a796b805
|
@ -189,7 +189,14 @@ library.
|
||||||
+------+---------------------+------------------------------------+-----------+
|
+------+---------------------+------------------------------------+-----------+
|
||||||
| ID | Name | Imports | Severity |
|
| ID | Name | Imports | Severity |
|
||||||
+======+=====================+====================================+===========+
|
+======+=====================+====================================+===========+
|
||||||
| B413 | import_pycrypto | - Crypto | high |
|
| B413 | import_pycrypto | - Crypto.Cipher | high |
|
||||||
|
| | | - Crypto.Hash | |
|
||||||
|
| | | - Crypto.IO | |
|
||||||
|
| | | - Crypto.Protocol | |
|
||||||
|
| | | - Crypto.PublicKey | |
|
||||||
|
| | | - Crypto.Random | |
|
||||||
|
| | | - Crypto.Signature | |
|
||||||
|
| | | - Crypto.Util | |
|
||||||
+------+---------------------+------------------------------------+-----------+
|
+------+---------------------+------------------------------------+-----------+
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
@ -282,7 +289,15 @@ def gen_blacklist():
|
||||||
))
|
))
|
||||||
|
|
||||||
sets.append(utils.build_conf_dict(
|
sets.append(utils.build_conf_dict(
|
||||||
'import_pycrypto', 'B413', ['Crypto'],
|
'import_pycrypto', 'B413',
|
||||||
|
['Crypto.Cipher',
|
||||||
|
'Crypto.Hash',
|
||||||
|
'Crypto.IO',
|
||||||
|
'Crypto.Protocol',
|
||||||
|
'Crypto.PublicKey',
|
||||||
|
'Crypto.Random',
|
||||||
|
'Crypto.Signature',
|
||||||
|
'Crypto.Util'],
|
||||||
'The pyCrypto library and its module {name} are no longer actively '
|
'The pyCrypto library and its module {name} are no longer actively '
|
||||||
'maintained and have been deprecated. '
|
'maintained and have been deprecated. '
|
||||||
'Consider using pyca/cryptography library.', 'HIGH'))
|
'Consider using pyca/cryptography library.', 'HIGH'))
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
from Crypto.Cipher import AES
|
from Crypto.Cipher import AES
|
||||||
from Crypto import Random
|
from Crypto import Random
|
||||||
|
|
||||||
|
from . import CryptoMaterialsCacheEntry
|
||||||
|
|
||||||
|
|
||||||
def test_pycrypto():
|
def test_pycrypto():
|
||||||
key = b'Sixteen byte key'
|
key = b'Sixteen byte key'
|
||||||
iv = Random.new().read(AES.block_size)
|
iv = Random.new().read(AES.block_size)
|
||||||
cipher = pycrypto_arc2.new(key, AES.MODE_CFB, iv)
|
cipher = pycrypto_arc2.new(key, AES.MODE_CFB, iv)
|
||||||
|
factory = CryptoMaterialsCacheEntry()
|
||||||
|
|
Loading…
Reference in New Issue