diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
index e2c467305..f3baecd1e 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -67,7 +67,6 @@ body: - "3.11" - "3.10" - "3.9"
- - "3.8"
 validations:
 required: true
diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
index 7f72c66e8..a295a9c36 100644
--- a/.github/workflows/publish-to-pypi.yml
+++ b/.github/workflows/publish-to-pypi.yml
@@ -13,10 +13,10 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0
- - name: Set up Python 3.8
+ - name: Set up Python 3.9
 uses: actions/setup-python@v5
 with:
- python-version: 3.8
+ python-version: 3.9
 - name: Install dependencies
 run: pip install wheel
diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml
index 89153cf8f..252ad5b88 100644
--- a/.github/workflows/publish-to-test-pypi.yml
+++ b/.github/workflows/publish-to-test-pypi.yml
@@ -13,10 +13,10 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0
- - name: Set up Python 3.8
+ - name: Set up Python 3.9
 uses: actions/setup-python@v5
 with:
- python-version: 3.8
+ python-version: 3.9
 - name: Install dependencies
 run: pip install wheel
diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index 5de6d3725..70c4748b9 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
@@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix:
- python-version: [3.8]
+ python-version: [3.9]
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
@@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix:
- python-version: [3.8]
+ python-version: [3.9]
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
@@ -47,7 +47,6 @@ jobs: strategy: matrix: python-version: [
- ["3.8", "38"],
 ["3.9", "39"],
 ["3.10", "310"],
 ["3.11", "311"],
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 6588cd197..15fc1366e 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -3,7 +3,7 @@ version: 2 build: os: ubuntu-22.04 tools:
- python: "3.8"
+ python: "3.9"
 sphinx:
 configuration: doc/source/conf.py
diff --git a/bandit/blacklists/calls.py b/bandit/blacklists/calls.py
index 3d5f21cd0..171919446 100644
--- a/bandit/blacklists/calls.py
+++ b/bandit/blacklists/calls.py
@@ -321,8 +321,6 @@ +------+---------------------+------------------------------------+-----------+ """
-import sys
-
 from bandit.blacklists import utils
 from bandit.core import issue
@@ -373,52 +371,26 @@ def gen_blacklist(): ) )
- if sys.version_info >= (3, 9):
- sets.append(
- utils.build_conf_dict(
- "md5",
- "B303",
- issue.Cwe.BROKEN_CRYPTO,
- [
- "Crypto.Hash.MD2.new",
- "Crypto.Hash.MD4.new",
- "Crypto.Hash.MD5.new",
- "Crypto.Hash.SHA.new",
- "Cryptodome.Hash.MD2.new",
- "Cryptodome.Hash.MD4.new",
- "Cryptodome.Hash.MD5.new",
- "Cryptodome.Hash.SHA.new",
- "cryptography.hazmat.primitives.hashes.MD5",
- "cryptography.hazmat.primitives.hashes.SHA1",
- ],
- "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
- )
- )
- else:
- sets.append(
- utils.build_conf_dict(
- "md5",
- "B303",
- issue.Cwe.BROKEN_CRYPTO,
- [
- "hashlib.md4",
- "hashlib.md5",
- "hashlib.sha",
- "hashlib.sha1",
- "Crypto.Hash.MD2.new",
- "Crypto.Hash.MD4.new",
- "Crypto.Hash.MD5.new",
- "Crypto.Hash.SHA.new",
- "Cryptodome.Hash.MD2.new",
- "Cryptodome.Hash.MD4.new",
- "Cryptodome.Hash.MD5.new",
- "Cryptodome.Hash.SHA.new",
- "cryptography.hazmat.primitives.hashes.MD5",
- "cryptography.hazmat.primitives.hashes.SHA1",
- ],
- "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
- )
+ sets.append(
+ utils.build_conf_dict(
+ "md5",
+ "B303",
+ issue.Cwe.BROKEN_CRYPTO,
+ [
+ "Crypto.Hash.MD2.new",
+ "Crypto.Hash.MD4.new",
+ "Crypto.Hash.MD5.new",
+ "Crypto.Hash.SHA.new",
+ "Cryptodome.Hash.MD2.new",
+ "Cryptodome.Hash.MD4.new",
+ "Cryptodome.Hash.MD5.new",
+ "Cryptodome.Hash.SHA.new",
+ "cryptography.hazmat.primitives.hashes.MD5",
+ "cryptography.hazmat.primitives.hashes.SHA1",
+ ],
+ "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
 )
+ )
 sets.append(
 utils.build_conf_dict(
diff --git a/bandit/plugins/hashlib_insecure_functions.py b/bandit/plugins/hashlib_insecure_functions.py
index 710800a72..626c8edec 100644
--- a/bandit/plugins/hashlib_insecure_functions.py
+++ b/bandit/plugins/hashlib_insecure_functions.py
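Review bot: Once the `else` branch is removed, the B303 blacklist built in this hunk contains no `hashlib.*` entry at all, so a direct `hashlib.md5()` or `hashlib.sha1()` call is reported only if the B324 plugin (`_hashlib_func` in hashlib_insecure_functions.py) picks it up, and nothing in the surviving code says so. A short comment above the remaining `sets.append(`, `# hashlib.* is intentionally absent here: direct hashlib calls are reported by the B324 plugin instead.`, would stop the next maintainer from re-adding the names or assuming coverage was lost, and a regression example asserting that `hashlib.md5()` still yields a finding would pin the split. The B303 row of the module docstring table, whose bottom border is visible in the previous hunk, may still mention hashlib; if so it should be brought in line with this list. `gen_blacklist` begins before and ends after this hunk.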
@@ -48,8 +48,6 @@ Added check for the crypt module weak hashes """ # noqa: E501
-import sys
-
 import bandit
 from bandit.core import issue
 from bandit.core import test_properties as test
@@ -86,21 +84,6 @@ def _hashlib_func(context, func): )
-def _hashlib_new(context, func):
- if func == "new":
- args = context.call_args
- keywords = context.call_keywords
- name = args[0] if args else keywords.get("name", None)
- if isinstance(name, str) and name.lower() in WEAK_HASHES:
- return bandit.Issue(
- severity=bandit.MEDIUM,
- confidence=bandit.HIGH,
- cwe=issue.Cwe.BROKEN_CRYPTO,
- text=f"Use of insecure {name.upper()} hash function.",
- lineno=context.node.lineno,
- )
-
-
 def _crypt_crypt(context, func):
 args = context.call_args
 keywords = context.call_keywords
@@ -135,10 +118,7 @@ def hashlib(context): func = qualname_list[-1] if "hashlib" in qualname_list:
- if sys.version_info >= (3, 9):
- return _hashlib_func(context, func)
- else:
- return _hashlib_new(context, func)
+ return _hashlib_func(context, func)
 elif "crypt" in qualname_list and func in ("crypt", "mksalt"):
 return _crypt_crypt(context, func)
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index a344f5fab..16fe25fe4 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
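Review bot: The third hunk routes every `hashlib` qualname to `_hashlib_func`, but the deleted `_hashlib_new` in the second hunk was the code that read the algorithm name of `hashlib.new(...)` from `args[0]` or the `name` keyword and compared `name.lower()` against `WEAK_HASHES`; the body of `_hashlib_func` ends above the second hunk, so it is not visible here whether it covers the `func == "new"` case. Confirm that before merging, and keep an example file that exercises `hashlib.new("md5")`, `hashlib.new(name="sha1")` and `hashlib.md5()` so B324 coverage does not silently narrow together with the 3.8 path. The version-history list in the module docstring that the first hunk touches (`Added check for the crypt module weak hashes`) gets no entry for the removal of the pre-3.9 branch; one line in the same style would record it. The `hashlib` function containing the third hunk starts before it.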
@@ -5,10 +5,10 @@ Under Which Version of Python Should I Install Bandit?
 ------------------------------------------------------ The answer to this question depends on the project(s) you will be running
-Bandit against. If your project is only compatible with Python 3.8, you
-should install Bandit to run under Python 3.8. If your project is only
-compatible with Python 3.9, then use 3.9 respectively. If your project supports
-both, you *could* run Bandit with both versions but you don't have to.
+Bandit against. If your project is only compatible with Python 3.9, you
+should install Bandit to run under Python 3.9. If your project is only
+compatible with Python 3.10, then use 3.10 respectively. If your project
+supports both, you *could* run Bandit with both versions but you don't have to.
 Bandit uses the `ast` module from Python's standard library in order to analyze your Python code. The `ast` module is only able to parse Python code
diff --git a/setup.cfg b/setup.cfg
index 23c20cc56..c745b02ed 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -18,7 +18,6 @@ classifier = Operating System :: MacOS :: MacOS X Programming Language :: Python Programming Language :: Python :: 3
- Programming Language :: Python :: 3.8
 Programming Language :: Python :: 3.9
 Programming Language :: Python :: 3.10
 Programming Language :: Python :: 3.11
diff --git a/setup.py b/setup.py
index 8400e38ec..4930fc245 100644
--- a/setup.py
+++ b/setup.py
@@ -4,5 +4,5 @@ import setuptools setuptools.setup(
- python_requires=">=3.8", setup_requires=["pbr>=2.0.0"], pbr=True
+ python_requires=">=3.9", setup_requires=["pbr>=2.0.0"], pbr=True
 )
diff --git a/tox.ini b/tox.ini
index 13e3458de..2f1cf1417 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@ [tox] minversion = 3.2.0
-envlist = py38,pep8
+envlist = py39,pep8
 [testenv]
 usedevelop = True