Merge Develop into Release

python/pycryptodome/security/insecure-cipher-algorithm-blowfish.yaml

@@ -2,7 +2,9 @@ rules:
 - id: insecure-cipher-algorithm-blowfish
   message: >-
     Detected Blowfish cipher algorithm which is considered insecure. This algorithm
-    is not cryptographically secure and can be reversed easily. Use AES instead.
+    is not cryptographically secure and can be reversed easily.
+    Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits.
+    When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84
     cwe:
@@ -13,14 +15,20 @@ rules:
     bandit-code: B304
     references:
     - https://stackoverflow.com/questions/1135186/whats-wrong-with-xor-encryption
+    - https://www.pycryptodome.org/src/cipher/cipher
     category: security
     technology:
     - pycryptodome
     subcategory:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::symmetric-algorithm::pycryptodome
+    - crypto::search::symmetric-algorithm::pycryptodomex
+  options:
+    symbolic_propagation: true
   severity: WARNING
   languages:
   - python

python/pycryptodome/security/insecure-cipher-algorithm-des.yaml

@@ -1,8 +1,10 @@
 rules:
 - id: insecure-cipher-algorithm-des
   message: >-
-    Detected DES cipher algorithm which is considered insecure. This algorithm
-    is not cryptographically secure and can be reversed easily. Use AES instead.
+    Detected DES cipher or Triple DES algorithm which is considered insecure. This algorithm
+    is not cryptographically secure and can be reversed easily. Use a secure symmetric cipher from the cryptodome package instead.
+    Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits.
+    When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84
     cwe:
@@ -13,17 +15,25 @@ rules:
     bandit-code: B304
     references:
     - https://cwe.mitre.org/data/definitions/326.html
+    - https://www.pycryptodome.org/src/cipher/cipher
     category: security
     technology:
     - pycryptodome
     subcategory:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::symmetric-algorithm::pycryptodome
+    - crypto::search::symmetric-algorithm::pycryptodomex
+  options:
+    symbolic_propagation: true
   severity: WARNING
   languages:
   - python
   pattern-either:
   - pattern: Cryptodome.Cipher.DES.new(...)
   - pattern: Crypto.Cipher.DES.new(...)
+  - pattern: Cryptodome.Cipher.DES3.new(...)
+  - pattern: Crypto.Cipher.DES3.new(...)

python/pycryptodome/security/insecure-cipher-algorithm-rc2.yaml

@@ -2,7 +2,9 @@ rules:
 - id: insecure-cipher-algorithm-rc2
   message: >-
     Detected RC2 cipher algorithm which is considered insecure. This algorithm
-    is not cryptographically secure and can be reversed easily. Use AES instead.
+    is not cryptographically secure and can be reversed easily.
+    Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits.
+    When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84
     cwe:
@@ -13,14 +15,20 @@ rules:
     bandit-code: B304
     references:
     - https://cwe.mitre.org/data/definitions/326.html
+    - https://www.pycryptodome.org/src/cipher/cipher
     category: security
     technology:
     - pycryptodome
     subcategory:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::symmetric-algorithm::pycryptodome
+    - crypto::search::symmetric-algorithm::pycryptodomex
+  options:
+    symbolic_propagation: true
   severity: WARNING
   languages:
   - python

python/pycryptodome/security/insecure-cipher-algorithm-rc4.yaml

@@ -2,7 +2,9 @@ rules:
 - id: insecure-cipher-algorithm-rc4
   message: >-
     Detected ARC4 cipher algorithm which is considered insecure. This algorithm
-    is not cryptographically secure and can be reversed easily. Use AES instead.
+    is not cryptographically secure and can be reversed easily.
+    Use secure stream ciphers such as ChaCha20, XChaCha20 and Salsa20, or a block cipher such as AES with a block size of 128 bits.
+    When using a block cipher, use a modern mode of operation that also provides authentication, such as GCM.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L84
     cwe:
@@ -13,14 +15,18 @@ rules:
     bandit-code: B304
     references:
     - https://cwe.mitre.org/data/definitions/326.html
+    - https://www.pycryptodome.org/src/cipher/cipher
     category: security
     technology:
     - pycryptodome
     subcategory:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::symmetric-algorithm::pycryptodome
+    - crypto::search::symmetric-algorithm::pycryptodomex
   severity: WARNING
   languages:
   - python

python/pycryptodome/security/insecure-hash-algorithm-md2.yaml

@@ -3,7 +3,8 @@ rules:
   message: >-
     Detected MD2 hash algorithm which is considered insecure. MD2 is not
     collision resistant and is therefore not suitable as a cryptographic
-    signature. Use SHA256 or SHA3 instead.
+    signature. 
+    Use a modern hash algorithm from the SHA-2, SHA-3, or BLAKE2 family instead.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59
     cwe:
@@ -12,6 +13,7 @@ rules:
     - A03:2017 - Sensitive Data Exposure
     - A02:2021 - Cryptographic Failures
     references:
+    - https://www.pycryptodome.org/src/hash/hash#modern-hash-algorithms
     - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
     - https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability
     - http://2012.sharcs.org/slides/stevens.pdf
@@ -23,7 +25,12 @@ rules:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::hash-algorithm::pycryptodome
+    - crypto::search::hash-algorithm::pycryptodomex
+  options:
+    symbolic_propagation: true
   severity: WARNING
   languages:
   - python

python/pycryptodome/security/insecure-hash-algorithm-md4.yaml

@@ -3,7 +3,8 @@ rules:
   message: >-
     Detected MD4 hash algorithm which is considered insecure. MD4 is not
     collision resistant and is therefore not suitable as a cryptographic
-    signature. Use SHA256 or SHA3 instead.
+    signature.
+    Use a modern hash algorithm from the SHA-2, SHA-3, or BLAKE2 family instead.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59
     cwe:
@@ -12,6 +13,7 @@ rules:
     - A03:2017 - Sensitive Data Exposure
     - A02:2021 - Cryptographic Failures
     references:
+    - https://www.pycryptodome.org/src/hash/hash#modern-hash-algorithms
     - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
     - https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability
     - http://2012.sharcs.org/slides/stevens.pdf
@@ -23,7 +25,12 @@ rules:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::hash-algorithm::pycryptodome
+    - crypto::search::hash-algorithm::pycryptodomex
+  options:
+    symbolic_propagation: true
   severity: WARNING
   languages:
   - python

python/pycryptodome/security/insecure-hash-algorithm-md5.yaml

@@ -3,7 +3,8 @@ rules:
   message: >-
     Detected MD5 hash algorithm which is considered insecure. MD5 is not
     collision resistant and is therefore not suitable as a cryptographic
-    signature. Use SHA256 or SHA3 instead.
+    signature. 
+    Use a modern hash algorithm from the SHA-2, SHA-3, or BLAKE2 family instead.
   metadata:
     source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59
     cwe:
@@ -12,6 +13,7 @@ rules:
     - A03:2017 - Sensitive Data Exposure
     - A02:2021 - Cryptographic Failures
     references:
+    - https://www.pycryptodome.org/src/hash/hash#modern-hash-algorithms
     - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
     - https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability
     - http://2012.sharcs.org/slides/stevens.pdf
@@ -23,7 +25,12 @@ rules:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+    - crypto::search::hash-algorithm::pycryptodome
+    - crypto::search::hash-algorithm::pycryptodomex
+  options:
+    symbolic_propagation: true
   severity: WARNING
   languages:
   - python

python/pycryptodome/security/insufficient-dsa-key-size.yaml

@@ -1,14 +1,5 @@
 rules:
 - id: insufficient-dsa-key-size
-  patterns:
-  - pattern-either:
-    - pattern: Crypto.PublicKey.DSA.generate(..., bits=$SIZE, ...)
-    - pattern: Crypto.PublicKey.DSA.generate($SIZE, ...)
-    - pattern: Cryptodome.PublicKey.DSA.generate(..., bits=$SIZE, ...)
-    - pattern: Cryptodome.PublicKey.DSA.generate($SIZE, ...)
-  - metavariable-comparison:
-      metavariable: $SIZE
-      comparison: $SIZE < 2048
   message: >-
     Detected an insufficient key size for DSA. NIST recommends
     a key size of 2048 or higher.
@@ -20,14 +11,29 @@ rules:
     - A02:2021 - Cryptographic Failures
     source-rule-url: https://github.com/PyCQA/bandit/blob/b1411bfb43795d3ffd268bef17a839dee954c2b1/bandit/plugins/weak_cryptographic_key.py
     references:
-    - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf
+    - https://www.pycryptodome.org/src/public_key/dsa
+    - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
     category: security
     technology:
     - pycryptodome
     subcategory:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+      - crypto::search::key-length::pycryptodome
+      - crypto::search::key-length::pycryptodomex
+  options:
+    symbolic_propagation: true
   languages: [python]
   severity: WARNING
+  patterns:
+  - pattern-either:
+    - pattern: Crypto.PublicKey.DSA.generate(..., bits=$SIZE, ...)
+    - pattern: Crypto.PublicKey.DSA.generate($SIZE, ...)
+    - pattern: Cryptodome.PublicKey.DSA.generate(..., bits=$SIZE, ...)
+    - pattern: Cryptodome.PublicKey.DSA.generate($SIZE, ...)
+  - metavariable-comparison:
+      metavariable: $SIZE
+      comparison: $SIZE < 2048

python/pycryptodome/security/insufficient-rsa-key-size.py

@@ -4,11 +4,16 @@
 from Crypto.PublicKey import RSA as pycrypto_rsa
 from Cryptodome.PublicKey import RSA as pycryptodomex_rsa
 
-# ok:insufficient-rsa-key-size
+# ruleid:insufficient-rsa-key-size
 pycrypto_rsa.generate(bits=2048)
-# ok:insufficient-rsa-key-size
+# ruleid:insufficient-rsa-key-size
 pycryptodomex_rsa.generate(bits=2048)
 
+# ok:insufficient-rsa-key-size
+pycrypto_rsa.generate(bits=3072)
+# ok:insufficient-rsa-key-size
+pycryptodomex_rsa.generate(bits=3072)
+
 # ok:insufficient-rsa-key-size
 pycrypto_rsa.generate(4096)
 # ok:insufficient-rsa-key-size

python/pycryptodome/security/insufficient-rsa-key-size.yaml

@@ -1,17 +1,8 @@
 rules:
 - id: insufficient-rsa-key-size
-  patterns:
-  - pattern-either:
-    - pattern: Crypto.PublicKey.RSA.generate(..., bits=$SIZE, ...)
-    - pattern: Crypto.PublicKey.RSA.generate($SIZE, ...)
-    - pattern: Cryptodome.PublicKey.RSA.generate(..., bits=$SIZE, ...)
-    - pattern: Cryptodome.PublicKey.RSA.generate($SIZE, ...)
-  - metavariable-comparison:
-      metavariable: $SIZE
-      comparison: $SIZE < 2048
   message: >-
     Detected an insufficient key size for RSA. NIST recommends
-    a key size of 2048 or higher.
+    a key size of 3072 or higher.
   metadata:
     cwe:
     - 'CWE-326: Inadequate Encryption Strength'
@@ -20,14 +11,29 @@ rules:
     - A02:2021 - Cryptographic Failures
     source-rule-url: https://github.com/PyCQA/bandit/blob/b1411bfb43795d3ffd268bef17a839dee954c2b1/bandit/plugins/weak_cryptographic_key.py
     references:
-    - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf
+    - https://www.pycryptodome.org/src/public_key/rsa#rsa
+    - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
     category: security
     technology:
     - pycryptodome
     subcategory:
     - vuln
     likelihood: LOW
     impact: MEDIUM
-    confidence: MEDIUM
+    confidence: HIGH
+    functional-categories:
+      - crypto::search::key-length::pycryptodome
+      - crypto::search::key-length::pycryptodomex
+  options:
+    symbolic_propagation: true
   languages: [python]
   severity: WARNING
+  patterns:
+  - pattern-either:
+    - pattern: Crypto.PublicKey.RSA.generate(..., bits=$SIZE, ...)
+    - pattern: Crypto.PublicKey.RSA.generate($SIZE, ...)
+    - pattern: Cryptodome.PublicKey.RSA.generate(..., bits=$SIZE, ...)
+    - pattern: Cryptodome.PublicKey.RSA.generate($SIZE, ...)
+  - metavariable-comparison:
+      metavariable: $SIZE
+      comparison: $SIZE < 3072