Mercurial Repositories > eric / annotate

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/weakCryptographicKey.py@8157eb19aba5 (annotated)

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/weakCryptographicKey.py

Tue, 13 Sep 2022 20:00:55 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Tue, 13 Sep 2022 20:00:55 +0200
branch
eric7
changeset 9325
8157eb19aba5
parent 9221
bf71ee032bb4
child 9653
e67609152c5e
permissions
-rw-r--r--

Code Style Checker
- added some more security related checks

7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
8881
54e42bc2437a Updated copyright for 2022.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8312
diff changeset
3 # Copyright (c) 2020 - 2022 Detlev Offenbach <detlev@die-offenbachs.de>
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
7 Module implementing checks for weak cryptographic key use.
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
10 #
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
11 # This is a modified version of the one found in the bandit package.
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
12 #
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
13 # Original Copyright 2014 Hewlett-Packard Development Company, L.P.
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
14 #
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
15 # SPDX-License-Identifier: Apache-2.0
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
16 #
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
17
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
18 from Security.SecurityDefaults import SecurityDefaults
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
20
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
21 def getChecks():
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
22 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
23 Public method to get a dictionary with checks handled by this module.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
24
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
25 @return dictionary containing checker lists containing checker function and
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
26 list of codes
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
27 @rtype dict
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
28 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
29 return {
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
30 "Call": [
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
31 (checkWeakCryptographicKey, ("S505",)),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
32 ],
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
33 }
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
34
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
35
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
36 def _classifyKeySize(reportError, config, keyType, keySize, node):
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
37 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
38 Function to classify a key and report an error if insufficient.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
39
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
40 @param reportError function to be used to report errors
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
41 @type func
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
42 @param config dictionary with configuration data
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
43 @type dict
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
44 @param keyType type of key to be classified ('DSA', 'RSA', 'EC')
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
45 @type str
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
46 @param keySize size of the key to be classified
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
47 @type int
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
48 @param node node the key was extracted from (needed for reporting)
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
49 @type ast.Call
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
50 @return flag indicating an error was reported
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
51 @rtype bool
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
52 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
53 if isinstance(keySize, str):
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
54 # try to convert to an integer
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
55 try:
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
56 keySize = int(keySize)
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
57 except ValueError:
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
58 # size provided via a variable - can't process it at the moment
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
59 return False
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
60
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
61 conf = {}
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
62 conf.update(SecurityDefaults)
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
63 if config:
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
64 conf.update(config)
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
65
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
66 keySizes = {
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
67 "DSA": [
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
68 (conf["weak_key_size_dsa_high"], "H"),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
69 (conf["weak_key_size_dsa_medium"], "M"),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
70 ],
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
71 "RSA": [
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
72 (conf["weak_key_size_rsa_high"], "H"),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
73 (conf["weak_key_size_rsa_medium"], "M"),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
74 ],
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
75 "EC": [
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
76 (conf["weak_key_size_ec_high"], "H"),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
77 (conf["weak_key_size_ec_medium"], "M"),
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
78 ],
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
79 }
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
80
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
81 for size, level in keySizes[keyType]:
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
82 if keySize < size:
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
83 reportError(
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
84 node.lineno - 1, node.col_offset, "S505", level, "H", keyType, size
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
85 )
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
86 return True
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
87
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
88 return False
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
89
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
90
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
91 def _weakCryptoKeySizeCryptography(reportError, context, config):
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
92 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
93 Function to check 'cryptography.hazmat' for weak key use.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
94
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
95 @param reportError function to be used to report errors
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
96 @type func
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
97 @param context security context object
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
98 @type SecurityContext
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
99 @param config dictionary with configuration data
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
100 @type dict
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
101 @return flag indicating an error was reported
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
102 @rtype bool
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
103 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
104 funcKeyType = {
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
105 "cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key": "DSA",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
106 "cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key": "RSA",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
107 "cryptography.hazmat.primitives.asymmetric.ec.generate_private_key": "EC",
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
108 }
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
109 argPosition = {
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
110 "DSA": 0,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
111 "RSA": 1,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
112 "EC": 0,
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
113 }
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
114 keyType = funcKeyType.get(context.callFunctionNameQual)
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
115 if keyType in ["DSA", "RSA"]:
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
116 keySize = (
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
117 context.getCallArgValue("key_size")
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
118 or context.getCallArgAtPosition(argPosition[keyType])
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
119 or 2048
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
120 )
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
121 return _classifyKeySize(reportError, config, keyType, keySize, context.node)
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
122
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
123 elif keyType == "EC":
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
124 curveKeySizes = {
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
125 "SECT571K1": 571,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
126 "SECT571R1": 570,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
127 "SECP521R1": 521,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
128 "BrainpoolP512R1": 512,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
129 "SECT409K1": 409,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
130 "SECT409R1": 409,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
131 "BrainpoolP384R1": 384,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
132 "SECP384R1": 384,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
133 "SECT283K1": 283,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
134 "SECT283R1": 283,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
135 "BrainpoolP256R1": 256,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
136 "SECP256K1": 256,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
137 "SECP256R1": 256,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
138 "SECT233K1": 233,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
139 "SECT233R1": 233,
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
140 "SECP224R1": 224,
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
141 "SECP192R1": 192,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
142 "SECT163K1": 163,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
143 "SECT163R2": 163,
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
144 }
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
145 curve = context.getCallArgValue("curve") or (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
146 len(context.callArgs) > argPosition[keyType]
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
147 and context.callArgs[argPosition[keyType]]
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
148 )
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
149 keySize = curveKeySizes[curve] if curve in curveKeySizes else 224
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
150 return _classifyKeySize(reportError, config, keyType, keySize, context.node)
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
151
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
152 else:
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
153 return False
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
154
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
155
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
156 def _weakCryptoKeySizePycrypto(reportError, context, config):
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
157 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
158 Function to check 'pycrypto' for weak key use.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
159
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
160 @param reportError function to be used to report errors
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
161 @type func
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
162 @param context security context object
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
163 @type SecurityContext
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
164 @param config dictionary with configuration data
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
165 @type dict
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
166 @return flag indicating an error was reported
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
167 @rtype bool
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
168 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
169 funcKeyType = {
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
170 "Crypto.PublicKey.DSA.generate": "DSA",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
171 "Crypto.PublicKey.RSA.generate": "RSA",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
172 "Cryptodome.PublicKey.DSA.generate": "DSA",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
173 "Cryptodome.PublicKey.RSA.generate": "RSA",
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
174 }
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
175 keyType = funcKeyType.get(context.callFunctionNameQual)
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
176 if keyType:
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
177 keySize = (
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
178 context.getCallArgValue("bits") or context.getCallArgAtPosition(0) or 2048
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
179 )
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
180 return _classifyKeySize(reportError, config, keyType, keySize, context.node)
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
181
7628
f904d0eef264 Checked the reported security related issue reports generated by the new security checker.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7618
diff changeset
182 return False
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
183
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
184
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
185 def checkWeakCryptographicKey(reportError, context, config):
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
186 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
187 Function to check for weak cryptographic key use.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
188
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
189 @param reportError function to be used to report errors
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
190 @type func
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
191 @param context security context object
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
192 @type SecurityContext
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
193 @param config dictionary with configuration data
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
194 @type dict
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
195 """
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
196 (
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
197 _weakCryptoKeySizeCryptography(reportError, context, config)
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
198 or _weakCryptoKeySizePycrypto(reportError, context, config)
7618
cba5c14bcd5e Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
199 )

Mercurial Repository: eric

eric ide

mercurial