--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/weakCryptographicKey.py Wed Jul 13 11:16:20 2022 +0200 +++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/weakCryptographicKey.py Wed Jul 13 14:55:47 2022 +0200 @@ -21,7 +21,7 @@ def getChecks(): """ Public method to get a dictionary with checks handled by this module. - + @return dictionary containing checker lists containing checker function and list of codes @rtype dict @@ -36,7 +36,7 @@ def _classifyKeySize(reportError, config, keyType, keySize, node): """ Function to classify a key and report an error if insufficient. - + @param reportError function to be used to report errors @type func @param config dictionary with configuration data @@ -57,12 +57,12 @@ except ValueError: # size provided via a variable - can't process it at the moment return False - + conf = {} conf.update(SecurityDefaults) if config: conf.update(config) - + keySizes = { "DSA": [ (conf["weak_key_size_dsa_high"], "H"), @@ -77,27 +77,21 @@ (conf["weak_key_size_ec_medium"], "M"), ], } - + for size, level in keySizes[keyType]: if keySize < size: reportError( - node.lineno - 1, - node.col_offset, - "S505", - level, - "H", - keyType, - size + node.lineno - 1, node.col_offset, "S505", level, "H", keyType, size ) return True - + return False def _weakCryptoKeySizeCryptography(reportError, context, config): """ Function to check 'cryptography.hazmat' for weak key use. - + @param reportError function to be used to report errors @type func @param context security context object 
@@ -108,38 +102,36 @@ @rtype bool """ funcKeyType = { - 'cryptography.hazmat.primitives.asymmetric.dsa.' - 'generate_private_key': 'DSA', - 'cryptography.hazmat.primitives.asymmetric.rsa.' - 'generate_private_key': 'RSA', - 'cryptography.hazmat.primitives.asymmetric.ec.' - 'generate_private_key': 'EC', + "cryptography.hazmat.primitives.asymmetric.dsa." "generate_private_key": "DSA", + "cryptography.hazmat.primitives.asymmetric.rsa." "generate_private_key": "RSA", + "cryptography.hazmat.primitives.asymmetric.ec." "generate_private_key": "EC", } argPosition = { - 'DSA': 0, - 'RSA': 1, - 'EC': 0, + "DSA": 0, + "RSA": 1, + "EC": 0, } keyType = funcKeyType.get(context.callFunctionNameQual) - if keyType in ['DSA', 'RSA']: - keySize = (context.getCallArgValue('key_size') or - context.getCallArgAtPosition(argPosition[keyType]) or - 2048) - return _classifyKeySize(reportError, config, keyType, keySize, - context.node) - - elif keyType == 'EC': + if keyType in ["DSA", "RSA"]: + keySize = ( + context.getCallArgValue("key_size") + or context.getCallArgAtPosition(argPosition[keyType]) + or 2048 + ) + return _classifyKeySize(reportError, config, keyType, keySize, context.node) + + elif keyType == "EC": curveKeySizes = { - 'SECP192R1': 192, - 'SECT163K1': 163, - 'SECT163R2': 163, + "SECP192R1": 192, + "SECT163K1": 163, + "SECT163R2": 163, } - curve = (context.getCallArgValue('curve') or - context.callArgs[argPosition[keyType]]) + curve = ( + context.getCallArgValue("curve") or context.callArgs[argPosition[keyType]] + ) keySize = curveKeySizes[curve] if curve in curveKeySizes else 224 - return _classifyKeySize(reportError, config, keyType, keySize, - context.node) - + return _classifyKeySize(reportError, config, keyType, keySize, context.node) + else: return False 
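Review bot: In the EC branch the fallback `context.callArgs[argPosition[keyType]]` indexes the positional-argument list directly, whereas the DSA/RSA branch above goes through `context.getCallArgAtPosition(...)`. If `getCallArgValue("curve")` yields a falsy value and the call has no positional arguments (for example a `curve=` keyword whose value cannot be resolved; the context object's behaviour is not visible here), this would presumably raise IndexError and abort the check for that call. A guard keeps the checker running: `args = context.callArgs` followed by `curve = context.getCallArgValue("curve") or (args[argPosition[keyType]] if len(args) > argPosition[keyType] else None)`; a `None` curve then falls through to the existing 224 default. The function's signature and docstring start before this hunk.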
@@ -147,7 +139,7 @@ def _weakCryptoKeySizePycrypto(reportError, context, config): """ Function to check 'pycrypto' for weak key use. - + @param reportError function to be used to report errors @type func @param context security context object @@ -158,25 +150,24 @@ @rtype bool """ funcKeyType = { - 'Crypto.PublicKey.DSA.generate': 'DSA', - 'Crypto.PublicKey.RSA.generate': 'RSA', - 'Cryptodome.PublicKey.DSA.generate': 'DSA', - 'Cryptodome.PublicKey.RSA.generate': 'RSA', + "Crypto.PublicKey.DSA.generate": "DSA", + "Crypto.PublicKey.RSA.generate": "RSA", + "Cryptodome.PublicKey.DSA.generate": "DSA", + "Cryptodome.PublicKey.RSA.generate": "RSA", } keyType = funcKeyType.get(context.callFunctionNameQual) if keyType: - keySize = (context.getCallArgValue('bits') or - context.getCallArgAtPosition(0) or - 2048) - return _classifyKeySize(reportError, config, keyType, keySize, - context.node) + keySize = ( + context.getCallArgValue("bits") or context.getCallArgAtPosition(0) or 2048 + ) + return _classifyKeySize(reportError, config, keyType, keySize, context.node) return False def checkWeakCryptographicKey(reportError, context, config): """ Function to check for weak cryptographic key use. - + @param reportError function to be used to report errors @type func @param context security context object @@ -185,6 +176,6 @@ @type dict """ ( - _weakCryptoKeySizeCryptography(reportError, context, config) or - _weakCryptoKeySizePycrypto(reportError, context, config) + _weakCryptoKeySizeCryptography(reportError, context, config) + or _weakCryptoKeySizePycrypto(reportError, context, config) )
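Review bot: The `or 2048` at the end of the `keySize` expression makes a call whose `bits` argument cannot be read statically look like a 2048-bit key, so it is classified as acceptable without any trace. The same fallback is used for DSA/RSA in `_weakCryptoKeySizeCryptography`. Neither the intent nor the origin of 2048 is stated, so a comment above the assignment would help, e.g. `# size not statically resolvable: assume 2048 bits so that no issue is reported`. Whether 2048 was chosen because it clears the configured thresholds is an inference, since SecurityDefaults is not visible in this diff.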
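Review bot: `checkWeakCryptographicKey` consists of a parenthesised `or` expression whose result is discarded, which relies on short-circuiting for control flow and reads like a forgotten `return`. Writing it as a statement makes the intent explicit: `if not _weakCryptoKeySizeCryptography(reportError, context, config):` followed by `_weakCryptoKeySizePycrypto(reportError, context, config)`. The visible part of the docstring documents no return value, so dropping the expression form should not affect callers, though they are outside this diff.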