>/iSrSSKrSSKJr SSKJr SrSrSrSr \R\R"S 5\R"S 5S 555r g) au ========================================= B505: Test for weak cryptographic key use ========================================= As computational power increases, so does the ability to break ciphers with smaller key lengths. The recommended key length size for RSA and DSA algorithms is 2048 and higher. 1024 bits and below are now considered breakable. EC key length sizes are recommended to be 224 and higher with 160 and below considered breakable. This plugin test checks for use of any key less than those limits and returns a high severity error if lower than the lower threshold and a medium severity error for those lower than the higher threshold. :Example: .. code-block:: none >> Issue: DSA key sizes below 1024 bits are considered breakable. Severity: High Confidence: High CWE: CWE-326 (https://cwe.mitre.org/data/definitions/326.html) Location: examples/weak_cryptographic_key_sizes.py:36 35 # Also incorrect: without keyword args 36 dsa.generate_private_key(512, 37 backends.default_backend()) 38 rsa.generate_private_key(3, .. seealso:: - https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final - https://security.openstack.org/guidelines/dg_strong-crypto.html - https://cwe.mitre.org/data/definitions/326.html .. versionadded:: 0.14.0 .. versionchanged:: 1.7.3 CWE information added N)issue)test_propertiesc"US:Xa SSSSSSS.$g)Nweak_cryptographic_keyi)weak_key_size_dsa_highweak_key_size_dsa_mediumweak_key_size_rsa_highweak_key_size_rsa_mediumweak_key_size_ec_highweak_key_size_ec_medium)names _/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/weak_cryptographic_key.py gen_configr/s, ''&*(,&*(,%('*   (c [U[5(agUS[R4US[R4/US[R4US[R4/US[R4US[R4/S.nX1HMupEX$:dM [R "U[R[ RRSX4-S 9s $ g) Nr r r r rrDSARSAECz5%s key sizes below %d bits are considered breakable. )severity confidencecwetext) isinstancestrbanditHIGHMEDIUMIssuerCweINADEQUATE_ENCRYPTION_STRENGTH)configkey_typekey_size key_sizessizelevels r_classify_key_sizer,;s(C  , -v{{ ; . / ? , -v{{ ; . / ? + ,fkk : - . >  I!*  ?<<!;;II<<L"#  +rc SSSS.nSSSS.nURUR5nUS;a@URS 5=(d URX45=(d S n[ XU5$US:Xa0S S _S S_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_S S!_S"S!_S#S$_S%S&_S'S'S(.EnURS)5=(d2 [ UR 5X4:=(a UR X4nXv;aXgOS$n[ XU5$g)*Nrrr)zBcryptography.hazmat.primitives.asymmetric.dsa.generate_private_keyzBcryptography.hazmat.primitives.asymmetric.rsa.generate_private_keyzAcryptography.hazmat.primitives.asymmetric.ec.generate_private_keyrr)rrr(r SECT571K1i; SECT571R1i: SECP521R1i BrainpoolP512R1i SECT409K1i SECT409R1BrainpoolP384R1i SECP384R1 SECT283K1i SECT283R1BrainpoolP256R1 SECP256K1 SECP256R1 SECT233K1 SECT233R1 SECP224R1r SECP192R1) SECT163K1 SECT163R2curve)getcall_function_name_qualget_call_arg_valueget_call_arg_at_positionr,len call_args)contextr& func_key_type arg_positionr'r(curve_key_sizesrFs r%_weak_crypto_key_size_cryptography_iorQZs!& % $ ML   !@!@AH>!  & &z 2 // 0FG   "&H== T       s       s        s         ! " # $' ***73 !! "\%; ; :!!,"89 .3-E?)3!&H==7 rcSSSSS.nURUR5nU(a>URS5=(d URS5=(d Sn[ XU5$g)Nrr)zCrypto.PublicKey.DSA.generatezCrypto.PublicKey.RSA.generatez!Cryptodome.PublicKey.DSA.generatez!Cryptodome.PublicKey.RSA.generatebitsrr)rGrHrIrJr,)rMr&rNr'r(s r_weak_crypto_key_size_pycryptorTsr).).-2-2 M   !@!@AH  & &v . //2   "&H== rCallB505c<[X5=(d [X5$)N)rQrT)rMr&s rrrs! 1  9 ' 89r)__doc__r bandit.corerrtestrr,rQrT takes_configcheckstest_idrrrrr^sg%L/  >1>h>"Vf99r