Mercurial Repositories > eric / annotate

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py@f5f5f5803935 (annotated)

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py

Tue, 10 Dec 2024 15:46:34 +0100

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Tue, 10 Dec 2024 15:46:34 +0100
branch
eric7
changeset 11090
f5f5f5803935
parent 10507
d1c6608155ef
permissions
-rw-r--r--

Updated copyright for 2025.

7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
11090
f5f5f5803935 Updated copyright for 2025.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10507
diff changeset
3 # Copyright (c) 2020 - 2025 Detlev Offenbach <detlev@die-offenbachs.de>
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
7 Module implementing a check for use of insecure md4, md5, or sha1 hash
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 functions in hashlib.new().
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
10
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
11 import sys
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
12
9473
3f23dbf37dbe Resorted the import statements using isort.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9325
diff changeset
13 from Security.SecurityDefaults import SecurityDefaults
3f23dbf37dbe Resorted the import statements using isort.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9325
diff changeset
14
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
15 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
16 # This is a modified version of the one found in the bandit package.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
17 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
18 # Original Copyright 2014 Hewlett-Packard Development Company, L.P.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
20 # SPDX-License-Identifier: Apache-2.0
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
21 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
22
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
23
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
24 def getChecks():
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
25 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
26 Public method to get a dictionary with checks handled by this module.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
27
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
28 @return dictionary containing checker lists containing checker function and
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
29 list of codes
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
30 @rtype dict
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
31 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
32 return {
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
33 "Call": [
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
34 (checkHashlib, ("S331",)),
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
35 ],
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
36 }
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
37
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
38
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
39 def _hashlibFunc(reportError, context, func, config):
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
40 """
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
41 Function to check for use of insecure md4, md5, sha or sha1 hash functions
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
42 in hashlib.new() if 'usedforsecurity' is not set to 'False'.
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
43
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
44 @param reportError function to be used to report errors
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
45 @type func
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
46 @param context security context object
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
47 @type SecurityContext
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
48 @param func name of the hash function
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
49 @type str
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
50 @param config dictionary with configuration data
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
51 @type dict
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
52 """
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
53 insecureHashes = (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
54 [h.lower() for h in config["insecure_hashes"]]
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
55 if config and "insecure_hashes" in config
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
56 else SecurityDefaults["insecure_hashes"]
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
57 )
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
58
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
59 if isinstance(context.callFunctionNameQual, str):
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
60 keywords = context.callKeywords
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
61
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
62 if func in insecureHashes:
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
63 if keywords.get("usedforsecurity", "True") == "True":
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
64 reportError(
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
65 context.node.lineno - 1,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
66 context.node.col_offset,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
67 "S332",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
68 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
69 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
70 func.upper(),
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
71 )
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
72 elif func == "new":
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
73 args = context.callArgs
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
74 name = args[0] if args else keywords.get("name")
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
75 if (
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
76 isinstance(name, str)
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
77 and name.lower() in insecureHashes
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
78 and keywords.get("usedforsecurity", "True") == "True"
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
79 ):
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
80 reportError(
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
81 context.node.lineno - 1,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
82 context.node.col_offset,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
83 "S332",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
84 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
85 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
86 name.upper(),
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
87 )
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
88
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
89
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
90 def _hashlibNew(reportError, context, func, config):
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
91 """
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
92 Function to check for use of insecure md4, md5, sha or sha1 hash functions
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
93 in hashlib.new().
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
94
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
95 @param reportError function to be used to report errors
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
96 @type func
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
97 @param context security context object
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
98 @type SecurityContext
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
99 @param func name of the hash function
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
100 @type str
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
101 @param config dictionary with configuration data
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
102 @type dict
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
103 """
8259
2bbec88047dd Applied some more code simplifications suggested by the new Simplify checker (Y108: use ternary operator).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7923
diff changeset
104 insecureHashes = (
2bbec88047dd Applied some more code simplifications suggested by the new Simplify checker (Y108: use ternary operator).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7923
diff changeset
105 [h.lower() for h in config["insecure_hashes"]]
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
106 if config and "insecure_hashes" in config
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
107 else SecurityDefaults["insecure_hashes"]
8259
2bbec88047dd Applied some more code simplifications suggested by the new Simplify checker (Y108: use ternary operator).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7923
diff changeset
108 )
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
109
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
110 if func == "new":
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
111 args = context.callArgs
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
112 keywords = context.callKeywords
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
113 name = args[0] if args else keywords.get("name")
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
114 if isinstance(name, str) and name.lower() in insecureHashes:
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
115 reportError(
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
116 context.node.lineno - 1,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
117 context.node.col_offset,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
118 "S331",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
119 "M",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
120 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
121 name.upper(),
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
122 )
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
123
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
124
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
125 def _cryptCrypt(reportError, context, func, config):
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
126 """
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
127 Function to check for use of insecure md4, md5, sha or sha1 hash functions
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
128 in crypt.crypt().
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
129
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
130 @param reportError function to be used to report errors
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
131 @type func
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
132 @param context security context object
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
133 @type SecurityContext
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
134 @param func name of the hash function
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
135 @type str
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
136 @param config dictionary with configuration data
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
137 @type dict
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
138 """
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
139 insecureHashes = (
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
140 [h.lower() for h in config["insecure_hashes"]]
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
141 if config and "insecure_hashes" in config
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
142 else SecurityDefaults["insecure_hashes"]
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
143 )
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
144
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
145 args = context.callArgs
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
146 keywords = context.callKeywords
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
147
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
148 if func == "crypt":
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
149 name = args[1] if len(args) > 1 else keywords.get("salt")
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
150 if isinstance(name, str) and name in insecureHashes:
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
151 reportError(
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
152 context.node.lineno - 1,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
153 context.node.col_offset,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
154 "S331",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
155 "M",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
156 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
157 name.upper(),
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
158 )
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
159
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
160 elif func == "mksalt":
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
161 name = args[0] if args else keywords.get("method")
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
162 if isinstance(name, str) and name in insecureHashes:
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
163 reportError(
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
164 context.node.lineno - 1,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
165 context.node.col_offset,
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
166 "S331",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
167 "M",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
168 "H",
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
169 name.upper(),
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
170 )
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
171
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
172
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
173 def checkHashlib(reportError, context, config):
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
174 """
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
175 Function to check for use of insecure md4, md5, sha or sha1 hash functions
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
176 in hashlib.new().
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
177
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
178 @param reportError function to be used to report errors
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
179 @type func
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
180 @param context security context object
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
181 @type SecurityContext
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
182 @param config dictionary with configuration data
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
183 @type dict
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
184 """
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
185 if isinstance(context.callFunctionNameQual, str):
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
186 qualnameList = context.callFunctionNameQual.split(".")
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
187 func = qualnameList[-1]
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
188
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
189 if "hashlib" in qualnameList:
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
190 if sys.version_info >= (3, 9):
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
191 _hashlibFunc(reportError, context, func, config)
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
192 else:
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
193 _hashlibNew(reportError, context, func, config)
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
194 elif "crypt" in qualnameList and func in ("crypt", "mksalt"):
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
195 _cryptCrypt(reportError, context, func, config)

Mercurial Repository: eric

eric ide

mercurial