Merge "Handle curve keyword arg weak_cryptographic_key"

bandit/plugins/weak_cryptographic_key.py

@@ -96,7 +96,8 @@ def _weak_crypto_key_size_cryptography_io(context):
             'SECT163K1': 163,
             'SECT163R2': 163,
         }
-        curve = context.call_args[arg_position[key_type]]
+        curve = (context.get_call_arg_value('curve') or
+                 context.call_args[arg_position[key_type]])
         key_size = curve_key_sizes[curve] if curve in curve_key_sizes else 224
         return _classify_key_size(key_type, key_size)
 

examples/weak_cryptographic_key_sizes.py

@@ -9,6 +9,8 @@ from Crypto.PublicKey import RSA
 # Correct
 dsa.generate_private_key(key_size=2048,
                          backend=backends.default_backend())
+ec.generate_private_key(curve=ec.SECP384R1,
+                        backend=backends.default_backend())
 rsa.generate_private_key(public_exponent=65537,
                          key_size=2048,
                          backend=backends.default_backend())
@@ -29,6 +31,8 @@ RSA.generate(4096)
 # Incorrect: weak key sizes
 dsa.generate_private_key(key_size=1024,
                          backend=backends.default_backend())
+ec.generate_private_key(curve=ec.SECT163R2,
+                        backend=backends.default_backend())
 rsa.generate_private_key(public_exponent=65537,
                          key_size=1024,
                          backend=backends.default_backend())

tests/functional/test_functional.py

@@ -455,8 +455,8 @@ class FunctionalTests(testtools.TestCase):
     def test_weak_cryptographic_key(self):
         '''Test for weak key sizes.'''
         expect = {
-            'SEVERITY': {'MEDIUM': 5, 'HIGH': 4},
-            'CONFIDENCE': {'HIGH': 9}
+            'SEVERITY': {'MEDIUM': 6, 'HIGH': 4},
+            'CONFIDENCE': {'HIGH': 10}
         }
         self.check_example('weak_cryptographic_key_sizes.py', expect)