Mercurial Repositories > eric / annotate

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/awsHardcodedPassword.py@bf71ee032bb4 (annotated)

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/awsHardcodedPassword.py

Wed, 13 Jul 2022 14:55:47 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Wed, 13 Jul 2022 14:55:47 +0200
branch
eric7
changeset 9221
bf71ee032bb4
parent 9209
b99e7fd55fd3
child 9473
3f23dbf37dbe
permissions
-rw-r--r--

Reformatted the source code using the 'Black' utility.

7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
8881
54e42bc2437a Updated copyright for 2022.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8312
diff changeset
3 # Copyright (c) 2020 - 2022 Detlev Offenbach <detlev@die-offenbachs.de>
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
7 Module implementing checks for potentially hardcoded AWS passwords.
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
10 #
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
11 # This is a modified version of the one found at
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
12 # https://pypi.org/project/bandit-aws/.
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
13 #
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
14 # Original Copyright 2020 CMCRC (devcdt@cmcrc.com)
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
15 #
7628
f904d0eef264 Checked the reported security related issue reports generated by the new security checker.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7622
diff changeset
16 # Original License: GPLv3
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
17 #
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
18
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19 from collections import Counter
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
20 import math
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
21 import re
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
22 import string
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
23
7628
f904d0eef264 Checked the reported security related issue reports generated by the new security checker.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7622
diff changeset
24
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
25 def getChecks():
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
26 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
27 Public method to get a dictionary with checks handled by this module.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
28
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
29 @return dictionary containing checker lists containing checker function and
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
30 list of codes
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
31 @rtype dict
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
32 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
33 return {
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
34 "Str": [
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
35 (checkHardcodedAwsKey, ("S801", "S802")),
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
36 ],
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
37 }
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
38
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
39
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
40 AWS_ACCESS_KEY_ID_SYMBOLS = string.ascii_uppercase + string.digits
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
41 AWS_ACCESS_KEY_ID_REGEX = re.compile("[" + AWS_ACCESS_KEY_ID_SYMBOLS + "]{20}")
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
42 AWS_ACCESS_KEY_ID_MAX_ENTROPY = 3
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
43
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
44 AWS_SECRET_ACCESS_KEY_SYMBOLS = string.ascii_letters + string.digits + "/+="
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
45 AWS_SECRET_ACCESS_KEY_REGEX = re.compile("[" + AWS_SECRET_ACCESS_KEY_SYMBOLS + "]{40}")
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
46 AWS_SECRET_ACCESS_KEY_MAX_ENTROPY = 4.5
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
47
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
48
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
49 def shannonEntropy(data, symbols):
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
50 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
51 Function to caclculate the Shannon entropy of some given data.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
52
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
53 Source:
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
54 http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
55
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
56 @param data data to calculate the entropy for
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
57 @type str
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
58 @param symbols allowed symbols
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
59 @type str
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
60 @return Shannon entropy of the given data
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
61 @rtype float
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
62 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
63 if not data:
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
64 return 0
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
65 entropy = 0
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
66 counts = Counter(data)
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
67 for x in symbols:
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
68 p_x = float(counts[x]) / len(data)
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
69 if p_x > 0:
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
70 entropy += -p_x * math.log(p_x, 2)
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
71 return entropy
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
72
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
73
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
74 def checkHardcodedAwsKey(reportError, context, config):
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
75 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
76 Function to check for potentially hardcoded AWS passwords.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
77
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
78 @param reportError function to be used to report errors
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
79 @type func
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
80 @param context security context object
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
81 @type SecurityContext
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
82 @param config dictionary with configuration data
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
83 @type dict
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
84 """
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
85 node = context.node
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
86 if AWS_ACCESS_KEY_ID_REGEX.fullmatch(node.s):
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
87 entropy = shannonEntropy(node.s, AWS_ACCESS_KEY_ID_SYMBOLS)
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
88 if entropy > AWS_ACCESS_KEY_ID_MAX_ENTROPY:
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
89 reportError(
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
90 context.node.lineno - 1,
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
91 context.node.col_offset,
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
92 "S801",
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
93 "L",
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
94 "M",
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
95 node.s,
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
96 )
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
97
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
98 elif AWS_SECRET_ACCESS_KEY_REGEX.fullmatch(node.s):
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
99 entropy = shannonEntropy(node.s, AWS_SECRET_ACCESS_KEY_SYMBOLS)
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
100 if entropy > AWS_SECRET_ACCESS_KEY_MAX_ENTROPY:
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
101 reportError(
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
102 context.node.lineno - 1,
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
103 context.node.col_offset,
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
104 "S802",
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
105 "M",
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
106 "M",
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
107 node.s,
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
108 )

Mercurial Repository: eric

eric ide

mercurial