Skip key checks where size is not constant
Bandit cannot infer the value of local variables yet, so the key size test will fail when the size is not a constant. Ignore those lines for now. Change-Id: If0320ab5cb36592e61fc9cf03b2d230c381e2698 Closes-bug: 1546802
This commit is contained in:
parent
df86344e75
commit
bc20167599
|
@ -51,6 +51,10 @@ from bandit.core import test_properties as test
|
|||
|
||||
|
||||
def _classify_key_size(key_type, key_size):
|
||||
if isinstance(key_size, str):
|
||||
# size provided via a variable - can't process it at the moment
|
||||
return
|
||||
|
||||
key_sizes = {
|
||||
'DSA': [(1024, bandit.HIGH), (2048, bandit.MEDIUM)],
|
||||
'RSA': [(1024, bandit.HIGH), (2048, bandit.MEDIUM)],
|
||||
|
|
|
@ -45,3 +45,8 @@ rsa.generate_private_key(3,
|
|||
backends.default_backend())
|
||||
DSA.generate(512)
|
||||
RSA.generate(512)
|
||||
|
||||
# Don't crash when the size is variable
|
||||
rsa.generate_private_key(public_exponent=65537,
|
||||
key_size=some_key_size,
|
||||
backend=backends.default_backend())
|
||||
|
|
Loading…
Reference in New Issue