PyCQA · ericwb · Sep 24, 2024
@@ -67,7 +67,6 @@ body:
  - "3.11"
  - "3.10"
  - "3.9"
- - "3.8"
  validations:
  required: true
 

@@ -13,10 +13,10 @@ jobs:
  - uses: actions/checkout@v4
  with:
  fetch-depth: 0
- - name: Set up Python 3.8
+ - name: Set up Python 3.9
  uses: actions/setup-python@v5
  with:
- python-version: 3.8
+ python-version: 3.9
 
  - name: Install dependencies
  run: pip install wheel

@@ -13,10 +13,10 @@ jobs:
  - uses: actions/checkout@v4
  with:
  fetch-depth: 0
- - name: Set up Python 3.8
+ - name: Set up Python 3.9
  uses: actions/setup-python@v5
  with:
- python-version: 3.8
+ python-version: 3.9
 
  - name: Install dependencies
  run: pip install wheel

@@ -7,7 +7,7 @@ jobs:
  runs-on: ubuntu-latest
  strategy:
  matrix:
- python-version: [3.8]
+ python-version: [3.9]
  steps:
  - name: Checkout repository
  uses: actions/checkout@v4
@@ -26,7 +26,7 @@ jobs:
  runs-on: ubuntu-latest
  strategy:
  matrix:
- python-version: [3.8]
+ python-version: [3.9]
  steps:
  - name: Checkout repository
  uses: actions/checkout@v4
@@ -47,7 +47,6 @@ jobs:
  strategy:
  matrix:
  python-version: [
- ["3.8", "38"],
  ["3.9", "39"],
  ["3.10", "310"],
  ["3.11", "311"],

@@ -3,7 +3,7 @@ version: 2
 build:
  os: ubuntu-22.04
  tools:
- python: "3.8"
+ python: "3.9"
 
 sphinx:
  configuration: doc/source/conf.py

@@ -321,8 +321,6 @@
 +------+---------------------+------------------------------------+-----------+
 
 """
-import sys
-
 from bandit.blacklists import utils
 from bandit.core import issue
 
@@ -373,52 +371,26 @@ def gen_blacklist():
  )
  )
 
- if sys.version_info >= (3, 9):
- sets.append(
- utils.build_conf_dict(
- "md5",
- "B303",
- issue.Cwe.BROKEN_CRYPTO,
- [
- "Crypto.Hash.MD2.new",
- "Crypto.Hash.MD4.new",
- "Crypto.Hash.MD5.new",
- "Crypto.Hash.SHA.new",
- "Cryptodome.Hash.MD2.new",
- "Cryptodome.Hash.MD4.new",
- "Cryptodome.Hash.MD5.new",
- "Cryptodome.Hash.SHA.new",
- "cryptography.hazmat.primitives.hashes.MD5",
- "cryptography.hazmat.primitives.hashes.SHA1",
- ],
- "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
- )
- )
- else:
- sets.append(
- utils.build_conf_dict(
- "md5",
- "B303",
- issue.Cwe.BROKEN_CRYPTO,
- [
- "hashlib.md4",
- "hashlib.md5",
- "hashlib.sha",
- "hashlib.sha1",
- "Crypto.Hash.MD2.new",
- "Crypto.Hash.MD4.new",
- "Crypto.Hash.MD5.new",
- "Crypto.Hash.SHA.new",
- "Cryptodome.Hash.MD2.new",
- "Cryptodome.Hash.MD4.new",
- "Cryptodome.Hash.MD5.new",
- "Cryptodome.Hash.SHA.new",
- "cryptography.hazmat.primitives.hashes.MD5",
- "cryptography.hazmat.primitives.hashes.SHA1",
- ],
- "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
- )
+ sets.append(
+ utils.build_conf_dict(
+ "md5",
+ "B303",
+ issue.Cwe.BROKEN_CRYPTO,
+ [
+ "Crypto.Hash.MD2.new",
+ "Crypto.Hash.MD4.new",
+ "Crypto.Hash.MD5.new",
+ "Crypto.Hash.SHA.new",
+ "Cryptodome.Hash.MD2.new",
+ "Cryptodome.Hash.MD4.new",
+ "Cryptodome.Hash.MD5.new",
+ "Cryptodome.Hash.SHA.new",
+ "cryptography.hazmat.primitives.hashes.MD5",
+ "cryptography.hazmat.primitives.hashes.SHA1",
+ ],
+ "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
  )
+ )
 
  sets.append(
  utils.build_conf_dict(

@@ -48,8 +48,6 @@
  Added check for the crypt module weak hashes
 
 """ # noqa: E501
-import sys
-
 import bandit
 from bandit.core import issue
 from bandit.core import test_properties as test
@@ -86,21 +84,6 @@ def _hashlib_func(context, func):
  )
 
 
-def _hashlib_new(context, func):
- if func == "new":
- args = context.call_args
- keywords = context.call_keywords
- name = args[0] if args else keywords.get("name", None)
- if isinstance(name, str) and name.lower() in WEAK_HASHES:
- return bandit.Issue(
- severity=bandit.MEDIUM,
- confidence=bandit.HIGH,
- cwe=issue.Cwe.BROKEN_CRYPTO,
- text=f"Use of insecure {name.upper()} hash function.",
- lineno=context.node.lineno,
- )
-
-
 def _crypt_crypt(context, func):
  args = context.call_args
  keywords = context.call_keywords
@@ -135,10 +118,7 @@ def hashlib(context):
  func = qualname_list[-1]
 
  if "hashlib" in qualname_list:
- if sys.version_info >= (3, 9):
- return _hashlib_func(context, func)
- else:
- return _hashlib_new(context, func)
+ return _hashlib_func(context, func)
 
  elif "crypt" in qualname_list and func in ("crypt", "mksalt"):
  return _crypt_crypt(context, func)
@@ -5,10 +5,10 @@ Under Which Version of Python Should I Install Bandit?
 ------------------------------------------------------
 
 The answer to this question depends on the project(s) you will be running
-Bandit against. If your project is only compatible with Python 3.8, you
-should install Bandit to run under Python 3.8. If your project is only
-compatible with Python 3.9, then use 3.9 respectively. If your project supports
-both, you *could* run Bandit with both versions but you don't have to.
+Bandit against. If your project is only compatible with Python 3.9, you
+should install Bandit to run under Python 3.9. If your project is only
+compatible with Python 3.10, then use 3.10 respectively. If your project
+supports both, you *could* run Bandit with both versions but you don't have to.
 
 Bandit uses the `ast` module from Python's standard library in order to
 analyze your Python code. The `ast` module is only able to parse Python code

@@ -18,7 +18,6 @@ classifier =
  Operating System :: MacOS :: MacOS X
  Programming Language :: Python
  Programming Language :: Python :: 3
- Programming Language :: Python :: 3.8
  Programming Language :: Python :: 3.9
  Programming Language :: Python :: 3.10
  Programming Language :: Python :: 3.11

@@ -4,5 +4,5 @@
 import setuptools
 
 setuptools.setup(
- python_requires=">=3.8", setup_requires=["pbr>=2.0.0"], pbr=True
+ python_requires=">=3.9", setup_requires=["pbr>=2.0.0"], pbr=True
 )
@@ -1,6 +1,6 @@
 [tox]
 minversion = 3.2.0
-envlist = py38,pep8
+envlist = py39,pep8
 
 [testenv]
 usedevelop = True