Code Style Checker: continued to implement checker for security related issues.

Wed, 10 Jun 2020 19:57:25 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Wed, 10 Jun 2020 19:57:25 +0200
changeset 7616
01d646569115
parent 7615
ca2949b1a29a
child 7617
a0e162a50ad7

Code Style Checker: continued to implement checker for security related issues.

eric6.e4p file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py file | annotate | diff | comparison | revisions
--- a/eric6.e4p	Wed Jun 10 17:52:53 2020 +0200
+++ b/eric6.e4p	Wed Jun 10 19:57:25 2020 +0200
@@ -342,6 +342,7 @@
     <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/makoTemplates.py</Source>
     <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/sshNoHostKeyVerification.py</Source>
     <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/tryExcept.py</Source>
+    <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/weakCryptographicKey.py</Source>
     <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/yamlLoad.py</Source>
     <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py</Source>
     <Source>eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityContext.py</Source>
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py	Wed Jun 10 17:52:53 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py	Wed Jun 10 19:57:25 2020 +0200
@@ -61,6 +61,9 @@
         # insecure SSL/TLS protocol version
         "S502", "S503", "S504",
         
+        # weak cryptographic keys
+        "S505",
+        
         # YAML load
         "S506",
         
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py	Wed Jun 10 17:52:53 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py	Wed Jun 10 19:57:25 2020 +0200
@@ -70,5 +70,14 @@
         'TLSv1_METHOD'],
     
     # tryExcept.py
-    "check_typed_exception": False, 
+    "check_typed_exception": False,
+    
+    # weakCryptographicKey.py
+    "weak_key_size_dsa_high": 1024,
+    "weak_key_size_dsa_medium": 2048,
+    "weak_key_size_rsa_high": 1024,
+    "weak_key_size_rsa_medium": 2048,
+    "weak_key_size_ec_high": 160,
+    "weak_key_size_ec_medium": 224,
+
 }
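Review bot: The six `weak_key_size_*` defaults have no comment stating their unit or what `high` and `medium` mean, and weakCryptographicKey.py, which applies them, is not shown on this page. Judging by the S505 text added in translations.py ("key sizes below {1:d} bits"), each value appears to be an exclusive lower bound in bits, with `_high` and `_medium` presumably naming the severity reported. A comment above the block would make that explicit, for example `# key sizes in bits; a key below *_high is reported as high severity, below *_medium as medium severity`. The values also need to stay integers, because the S505 message formats the threshold with `{1:d}`; if an overridden setting ever arrived as a string, that format call would raise `ValueError`. The dictionary itself starts outside this hunk.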
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Wed Jun 10 17:52:53 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Wed Jun 10 19:57:25 2020 +0200
@@ -266,6 +266,11 @@
         "'ssl.wrap_socket' call with no SSL/TLS protocol version specified,"
         " the default 'SSLv23' could be insecure, possible security issue."),
     
+    # weak cryptographic keys
+    "S505": QCoreApplication.translate(
+        "Security",
+        "{0} key sizes below {1:d} bits are considered breakable."),
+    
     # YAML load
     "S506": QCoreApplication.translate(
         "Security",
@@ -360,10 +365,6 @@
     "S999": QCoreApplication.translate(
         "Security",
         "{0}: {1}"),
-    
-##    "S": QCoreApplication.translate(
-##        "Security",
-##        ""),
 }
 
 _securityMessagesSampleArgs = {
@@ -397,6 +398,8 @@
     "S412": ["wsgiref.handlers.CGIHandler"],
     "S413": ["Crypto.Cipher"],
     
+    "S505": ["RSA", 2048],
+    
     "S609": ["os.system"],
     
     "S999": ["SyntaxError", "Invalid Syntax"],
