Comment 0 for bug 1749603

Matt Bullock (mattsb42-aws) wrote :

First, just to set the tone: I wholeheartedly support the blacklisting of pycrypto; that is a great step that you have taken, and it's awesome to see it canonicalized in the security checks.

Unfortunately, because of how the import checks work, anything that is imported and starts with the string "Crypto" triggers the B413 blacklisted import flag. This is problematic for us, as several of our classes start with "Crypto".

ex:
https://github.com/awslabs/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/caches/__init__.py#L166
https://github.com/awslabs/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/caches/base.py#L20

Looking through the import check logic[1], I'm wondering if it might also be getting tripped up by relative imports? Error received: [2].

[1] https://github.com/openstack/bandit/blob/bb1bf81856c1467f85ee138b727568d192bd179a/bandit/core/blacklisting.py#L65-L75

[2]
Run started:2018-02-14 22:02:58.455051

Test results:
>> Issue: [B413:blacklist] The pyCrypto library and its module CryptoMaterialsCacheEntry are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
   Severity: High Confidence: High
   Location: src/aws_encryption_sdk/caches/local.py:22
21
22 from . import CryptoMaterialsCacheEntry
23 from .base import CryptoMaterialsCache

--------------------------------------------------
>> Issue: [B413:blacklist] The pyCrypto library and its module CryptoMaterialsCacheEntry are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
   Severity: High Confidence: High
   Location: src/aws_encryption_sdk/caches/null.py:14
13 """Null cache: a cache which does not cache."""
14 from . import CryptoMaterialsCacheEntry
15 from .base import CryptoMaterialsCache
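The following is an added example, not part of the bug report and not bandit's own code. It models the behaviour the report describes: a check that compares the imported name against a blacklist entry by plain string prefix, so `CryptoMaterialsCacheEntry` is flagged because it starts with `Crypto`. It also models why only the `from . import ...` lines appear in the output above: for a relative import with no module, the name seen by the check is the bare imported symbol, while `from .base import CryptoMaterialsCache` yields `base.CryptoMaterialsCache`, which does not start with `Crypto`. The blacklist tuple, the function names (`imported_names`, `prefix_match`, `module_boundary_match`, `scan`) and the sample source are constructed for illustration and are assumptions about how such a check works, not copies of bandit's implementation.

```python
"""Added example (not bandit's code): prefix matching vs. module-boundary
matching on import names, and how relative imports feed into the check.

Everything below is constructed for illustration; the name-building logic
is an assumption modelled on the output quoted in the report.
"""
import ast

# Constructed blacklist entry, in the spirit of bandit's B413 (pycrypto).
BLACKLISTED_MODULES = ("Crypto",)


def imported_names(source):
    """Return the dotted names a blacklist check would see for each import.

    For `from . import X` the node's module is None (purely relative import),
    so the name becomes the bare symbol `X`; for `from .base import X` it
    becomes `base.X`. This is an assumption about the checker, but it is
    consistent with which lines were flagged in the report.
    """
    names = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.Import):
            names.extend(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if node.module is None:
                    names.append(alias.name)
                else:
                    names.append(f"{node.module}.{alias.name}")
    return names


def prefix_match(name, blacklist=BLACKLISTED_MODULES):
    """Naive check: flags any name that merely starts with a blacklisted string.

    This reproduces the false positive: 'CryptoMaterialsCacheEntry' starts
    with 'Crypto', so it is treated as pycrypto.
    """
    return any(name.startswith(entry) for entry in blacklist)


def module_boundary_match(name, blacklist=BLACKLISTED_MODULES):
    """Boundary-aware check: flags only the blacklisted module itself or one of
    its submodules (the character after the entry must be a dot)."""
    return any(name == entry or name.startswith(entry + ".") for entry in blacklist)


def scan(source, matcher):
    """Return the imported names that `matcher` flags, in source order."""
    return [name for name in imported_names(source) if matcher(name)]


# Constructed sample: the two lines quoted in the report plus two genuine
# pycrypto imports that a correct check must still catch.
SAMPLE_SOURCE = """
from . import CryptoMaterialsCacheEntry
from .base import CryptoMaterialsCache
from Crypto.Cipher import AES
import Crypto
"""

if __name__ == "__main__":
    print("names seen by check:", imported_names(SAMPLE_SOURCE))
    print("prefix match flags :", scan(SAMPLE_SOURCE, prefix_match))
    print("boundary match flags:", scan(SAMPLE_SOURCE, module_boundary_match))
```

Running it shows the prefix matcher flagging `CryptoMaterialsCacheEntry` alongside the real pycrypto imports, while the boundary-aware matcher flags only `Crypto.Cipher.AES` and `Crypto`; `base.CryptoMaterialsCache` is flagged by neither, which matches the report's output listing only the `from . import` lines.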