Skip to content

S508 and S509 don’t support the current PySNMP API #21364

New issue
New issue
Closed
#21374
Closed
S508 and S509 don’t support the current PySNMP API#21364
#21374
Labels
ruleImplementing or modifying a lint rule
@dscorbett

Description

@dscorbett
dscorbett
opened on Nov 10, 2025

Summary

snmp-weak-cryptography (S509) only supports an old API of PySNMP. It should also support the current API, where UsmUserData is available in different modules. Example:

$ pip3.14 -q install pysnmp==7.1.22

$ cat >s509_new.py <<'# EOF'
import pysnmp.hlapi.asyncio
import pysnmp.hlapi.v3arch.asyncio
import pysnmp.hlapi.v3arch.asyncio.auth

pysnmp.hlapi.asyncio.UsmUserData("user")
pysnmp.hlapi.v3arch.asyncio.UsmUserData("user")
pysnmp.hlapi.v3arch.asyncio.auth.UsmUserData("user")
# EOF

$ python3.14 s509_new.py; echo $?
0

$ ruff --isolated check s509_new.py --select S509
All checks passed!

Ditto for snmp-insecure-version (S508) for CommunityData. Example:

$ pip3.14 -q install pysnmp==7.1.22

$ cat >s508_new.py <<'# EOF'
import pysnmp.hlapi.asyncio
import pysnmp.hlapi.v1arch
import pysnmp.hlapi.v1arch.asyncio
import pysnmp.hlapi.v1arch.asyncio.auth
import pysnmp.hlapi.v3arch
import pysnmp.hlapi.v3arch.asyncio
import pysnmp.hlapi.v3arch.asyncio.auth

pysnmp.hlapi.asyncio.CommunityData("public", mpModel=0)
pysnmp.hlapi.v1arch.asyncio.auth.CommunityData("public", mpModel=0)
pysnmp.hlapi.v1arch.asyncio.CommunityData("public", mpModel=0)
pysnmp.hlapi.v1arch.CommunityData("public", mpModel=0)
pysnmp.hlapi.v3arch.asyncio.auth.CommunityData("public", mpModel=0)
pysnmp.hlapi.v3arch.asyncio.CommunityData("public", mpModel=0)
pysnmp.hlapi.v3arch.CommunityData("public", mpModel=0)
# EOF

$ python3.14 s508_new.py; echo $?
0

$ ruff --isolated check s508_new.py --select S508
All checks passed!

S509 is also missing an alternative module providing UsmUserData in the old API. Example:

$ pip3.8 -q install pyasn1==0.6.0 pysnmp==4.3.0

$ cat >s509_old.py <<'# EOF'
import pysnmp.hlapi.auth

pysnmp.hlapi.auth.UsmUserData("user")
# EOF

$ python3.8 s509_old.py; echo $?
0

$ ruff --isolated check s509_old.py --select S509
All checks passed!

S508 is also missing an alternative module providing CommunityData in the old API. Example:

$ pip3.8 -q install pyasn1==0.6.0 pysnmp==4.3.0

$ cat >s508_old.py <<'# EOF'
import pysnmp.hlapi.auth

pysnmp.hlapi.auth.CommunityData("public", mpModel=0)
# EOF

$ python3.8 s508_old.py; echo $?
0

$ ruff --isolated check s508_old.py --select S508
All checks passed!

Version

ruff 0.14.4 (c7ff982 2025-11-06)

Metadata

Metadata

Assignees

No one assigned

    Labels

    ruleImplementing or modifying a lint rule

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions