First, just to set the tone: I wholeheartedly support the blacklisting of pycrypto; that is a great step that you have taken, and it's awesome to see it canonicalized in the security checks.
Unfortunately, because of how the import checks work, anything that is imported and starts with the string "Crypto" triggers the B413 blacklisted import flag. This is problematic for us, as several of our classes start with "Crypto".
Test results:
>> Issue: [B413:blacklist] The pyCrypto library and its module CryptoMaterialsCacheEntry are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: src/aws_encryption_sdk/caches/local.py:22
21
22 from . import CryptoMaterialsCacheEntry
23 from .base import CryptoMaterialsCache
--------------------------------------------------
>> Issue: [B413:blacklist] The pyCrypto library and its module CryptoMaterialsCacheEntry are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Severity: High Confidence: High
Location: src/aws_encryption_sdk/caches/null.py:14
13 """Null cache: a cache which does not cache."""
14 from . import CryptoMaterialsCacheEntry
15 from .base import CryptoMaterialsCache
ex:
https://github.com/awslabs/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/caches/__init__.py#L166
https://github.com/awslabs/aws-encryption-sdk-python/blob/master/src/aws_encryption_sdk/caches/base.py#L20
Looking through the import check logic[1], I'm wondering if it might also be getting tripped up by relative imports? Error received: [2].
[1] https://github.com/openstack/bandit/blob/bb1bf81856c1467f85ee138b727568d192bd179a/bandit/core/blacklisting.py#L65-L75
[2]
Run started:2018-02-14 22:02:58.455051
(Test results: identical to the output quoted above.)
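To make the prefix-match problem and the relative-import question concrete, here is an added example (it is not bandit's matching code from [1], nor code from the aws-encryption-sdk project): a naive `startswith("Crypto")` check that reproduces the report, beside a check that matches whole dotted-path components and skips relative imports, which is my assumed fix rather than anything bandit does. The sample source is constructed from the imports in the report plus two genuine pycrypto imports.

```python
import ast

# Constructed sample: the flagged imports from the report, two real pycrypto imports,
# and pyca/cryptography, which must never be flagged.
SAMPLE_SOURCE = """
from . import CryptoMaterialsCacheEntry
from .base import CryptoMaterialsCache
import Crypto
from Crypto.Cipher import AES
import cryptography
"""

# Top-level package B413 is meant to catch (pycrypto's "Crypto" namespace).
BLACKLIST = ("Crypto",)


def imported_names(source):
    """Yield (dotted_name, is_relative) for every import statement in the source."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                yield alias.name, False
        elif isinstance(node, ast.ImportFrom):
            relative = node.level > 0          # "from . import x" / "from .base import y"
            base = node.module or ""           # None for "from . import x"
            for alias in node.names:
                full = f"{base}.{alias.name}" if base else alias.name
                yield full, relative


def naive_flags(source):
    """Model of the reported behaviour: any imported name starting with 'Crypto' is flagged.
    This is why a relative 'from . import CryptoMaterialsCacheEntry' trips B413."""
    return [name for name, _ in imported_names(source)
            if any(name.startswith(b) for b in BLACKLIST)]


def component_flags(source):
    """Assumed fix: compare whole dotted-path components, so 'CryptoMaterialsCacheEntry'
    is not 'Crypto', and skip relative imports, which refer to the scanned package itself."""
    flagged = []
    for name, relative in imported_names(source):
        if relative:
            continue
        if any(b in name.split(".") for b in BLACKLIST):
            flagged.append(name)
    return flagged
```

Running both over the sample shows the naive check flagging the local class while the component check keeps only the two real pycrypto imports.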