diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S405.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S405.py index b6f5f90e564340..8bf2d4a63b1840 100644 --- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S405.py +++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S405.py @@ -1,3 +1,4 @@ -from xml import etree # S405 -import xml.etree as xmle # S405 -import xml.etree # S405 +import xml.etree.cElementTree # S405 +from xml.etree import cElementTree # S405 +import xml.etree.ElementTree # S405 +from xml.etree import ElementTree # S405 diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S407.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S407.py index 2b6363b4e7041a..e7d3841382f4c1 100644 --- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S407.py +++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S407.py @@ -1,4 +1,2 @@ from xml.dom import expatbuilder # S407 -from xml.sax import expatreader # S407 import xml.dom.expatbuilder # S407 -import xml.sax.expatreader # S407 diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py index 5728162557ce72..1b8163323ab930 100644 --- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py +++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py @@ -1,3 +1 @@ -import wsgiref.handlers # S412 -from twisted.internet import reactor # S412 -from twisted.web import static, server, twcgi # S412 +from twisted.web.twcgi import CGIScript # S412 diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S413.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S413.py index a09a4b41c8089c..b0ec780ca8033c 100644 --- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S413.py +++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S413.py @@ -1,6 +1,4 @@ -from cryptography.hazmat import backends # S413 -from cryptography.hazmat.primitives.asymmetric import dsa # S413 -from cryptography.hazmat.primitives.asymmetric import ec # S413 -from cryptography.hazmat.primitives.asymmetric import rsa # S413 -from Crypto.PublicKey import RSA as pycrypto_rsa # S413 -from Cryptodome.PublicKey import DSA as pycryptodomex_dsa # S413 +import Crypto.Hash # S413 +from Crypto.Hash import MD2 # S413 +import Crypto.PublicKey # S413 +from Crypto.PublicKey import RSA # S413 diff --git a/crates/ruff_linter/src/checkers/ast/analyze/statement.rs b/crates/ruff_linter/src/checkers/ast/analyze/statement.rs index 8775f885cd2505..519358613f4f9c 100644 --- a/crates/ruff_linter/src/checkers/ast/analyze/statement.rs +++ b/crates/ruff_linter/src/checkers/ast/analyze/statement.rs @@ -562,8 +562,15 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) { Rule::SuspiciousFtplibImport, Rule::SuspiciousPickleImport, Rule::SuspiciousSubprocessImport, + Rule::SuspiciousXmlEtreeImport, + Rule::SuspiciousXmlSaxImport, + Rule::SuspiciousXmlExpatImport, + Rule::SuspiciousXmlMinidomImport, + Rule::SuspiciousXmlPulldomImport, Rule::SuspiciousLxmlImport, - Rule::SuspiciousXmlrpclibImport, + Rule::SuspiciousXmlrpcImport, + Rule::SuspiciousHttpoxyImport, + Rule::SuspiciousPycryptoImport, Rule::SuspiciousPyghmiImport, ]) { flake8_bandit::rules::suspicious_imports(checker, stmt); @@ -772,8 +779,15 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) { Rule::SuspiciousFtplibImport, Rule::SuspiciousPickleImport, Rule::SuspiciousSubprocessImport, + Rule::SuspiciousXmlEtreeImport, + Rule::SuspiciousXmlSaxImport, + Rule::SuspiciousXmlExpatImport, + Rule::SuspiciousXmlMinidomImport, + Rule::SuspiciousXmlPulldomImport, Rule::SuspiciousLxmlImport, - Rule::SuspiciousXmlrpclibImport, + Rule::SuspiciousXmlrpcImport, + Rule::SuspiciousHttpoxyImport, + Rule::SuspiciousPycryptoImport, Rule::SuspiciousPyghmiImport, ]) { flake8_bandit::rules::suspicious_imports(checker, stmt); diff --git a/crates/ruff_linter/src/codes.rs b/crates/ruff_linter/src/codes.rs index 1ef3f8a02f082f..8c05fe5089ee98 100644 --- a/crates/ruff_linter/src/codes.rs +++ b/crates/ruff_linter/src/codes.rs @@ -632,7 +632,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> { (Flake8Bandit, "408") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXmlMinidomImport), (Flake8Bandit, "409") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXmlPulldomImport), (Flake8Bandit, "410") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousLxmlImport), - (Flake8Bandit, "411") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXmlrpclibImport), + (Flake8Bandit, "411") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXmlrpcImport), (Flake8Bandit, "412") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousHttpoxyImport), (Flake8Bandit, "413") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousPycryptoImport), (Flake8Bandit, "415") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousPyghmiImport), diff --git a/crates/ruff_linter/src/rules/flake8_bandit/mod.rs b/crates/ruff_linter/src/rules/flake8_bandit/mod.rs index ba434a441ccc68..a27f8b19444d89 100644 --- a/crates/ruff_linter/src/rules/flake8_bandit/mod.rs +++ b/crates/ruff_linter/src/rules/flake8_bandit/mod.rs @@ -49,8 +49,15 @@ mod tests { #[test_case(Rule::SuspiciousFtplibImport, Path::new("S402.py"))] #[test_case(Rule::SuspiciousPickleImport, Path::new("S403.py"))] #[test_case(Rule::SuspiciousSubprocessImport, Path::new("S404.py"))] + #[test_case(Rule::SuspiciousXmlEtreeImport, Path::new("S405.py"))] + #[test_case(Rule::SuspiciousXmlSaxImport, Path::new("S406.py"))] + #[test_case(Rule::SuspiciousXmlExpatImport, Path::new("S407.py"))] + #[test_case(Rule::SuspiciousXmlMinidomImport, Path::new("S408.py"))] + #[test_case(Rule::SuspiciousXmlPulldomImport, Path::new("S409.py"))] #[test_case(Rule::SuspiciousLxmlImport, Path::new("S410.py"))] - #[test_case(Rule::SuspiciousXmlrpclibImport, Path::new("S411.py"))] + #[test_case(Rule::SuspiciousXmlrpcImport, Path::new("S411.py"))] + #[test_case(Rule::SuspiciousHttpoxyImport, Path::new("S412.py"))] + #[test_case(Rule::SuspiciousPycryptoImport, Path::new("S413.py"))] #[test_case(Rule::SuspiciousPyghmiImport, Path::new("S415.py"))] #[test_case(Rule::TryExceptContinue, Path::new("S112.py"))] #[test_case(Rule::TryExceptPass, Path::new("S110.py"))] diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs index aea67f7b956bb9..a8904abf2c5d54 100644 --- a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs +++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs @@ -112,9 +112,9 @@ impl Violation for SuspiciousLxmlImport { } #[violation] -pub struct SuspiciousXmlrpclibImport; +pub struct SuspiciousXmlrpcImport; -impl Violation for SuspiciousXmlrpclibImport { +impl Violation for SuspiciousXmlrpcImport { #[derive_message_formats] fn message(&self) -> String { format!("XMLRPC is particularly dangerous as it is also concerned with communicating data over a network") @@ -153,7 +153,7 @@ impl Violation for SuspiciousPyghmiImport { } } -/// S401, S402, S403, S404, S405, S406, S407, S408, S409, S410, S411, S412, S413 +/// S401, S402, S403, S404, S405, S406, S407, S408, S409, S410, S411, S412, S413, S415 pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) { match stmt { Stmt::Import(ast::StmtImport { names, .. }) => { @@ -179,6 +179,33 @@ pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) { DiagnosticKind::from(SuspiciousSubprocessImport), name.range, ), + "xml.etree.cElementTree" | "xml.etree.ElementTree" => { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlEtreeImport), + name.range, + ); + } + "xml.sax" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlSaxImport), + name.range, + ), + "xml.dom.expatbuilder" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlExpatImport), + name.range, + ), + "xml.dom.minidom" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlMinidomImport), + name.range, + ), + "xml.dom.pulldom" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlPulldomImport), + name.range, + ), "lxml" => check_and_push_diagnostic( checker, DiagnosticKind::from(SuspiciousLxmlImport), @@ -186,9 +213,17 @@ pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) { ), "xmlrpc" => check_and_push_diagnostic( checker, - DiagnosticKind::from(SuspiciousXmlrpclibImport), + DiagnosticKind::from(SuspiciousXmlrpcImport), name.range, ), + "Crypto.Cipher" | "Crypto.Hash" | "Crypto.IO" | "Crypto.Protocol" + | "Crypto.PublicKey" | "Crypto.Random" | "Crypto.Signature" | "Crypto.Util" => { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousPycryptoImport), + name.range, + ); + } "pyghmi" => check_and_push_diagnostic( checker, DiagnosticKind::from(SuspiciousPyghmiImport), @@ -198,7 +233,7 @@ pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) { } } } - Stmt::ImportFrom(ast::StmtImportFrom { module, .. }) => { + Stmt::ImportFrom(ast::StmtImportFrom { module, names, .. }) => { let Some(identifier) = module else { return }; match identifier.as_str() { "telnetlib" => check_and_push_diagnostic( @@ -221,6 +256,77 @@ pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) { DiagnosticKind::from(SuspiciousSubprocessImport), identifier.range(), ), + "xml.etree" => { + for name in names { + if &name.name == "cElementTree" || &name.name == "ElementTree" { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlEtreeImport), + identifier.range(), + ); + } + } + } + "xml.etree.cElementTree" | "xml.etree.ElementTree" => { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlEtreeImport), + identifier.range(), + ); + } + "xml" => { + for name in names { + if &name.name == "sax" { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlSaxImport), + identifier.range(), + ); + } + } + } + "xml.sax" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlSaxImport), + identifier.range(), + ), + "xml.dom" => { + for name in names { + match name.name.as_str() { + "expatbuilder" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlExpatImport), + identifier.range(), + ), + "minidom" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlMinidomImport), + identifier.range(), + ), + "pulldom" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlPulldomImport), + identifier.range(), + ), + _ => (), + } + } + } + "xml.dom.expatbuilder" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlExpatImport), + identifier.range(), + ), + "xml.dom.minidom" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlMinidomImport), + identifier.range(), + ), + "xml.dom.pulldom" => check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousXmlPulldomImport), + identifier.range(), + ), "lxml" => check_and_push_diagnostic( checker, DiagnosticKind::from(SuspiciousLxmlImport), @@ -228,9 +334,58 @@ pub(crate) fn suspicious_imports(checker: &mut Checker, stmt: &Stmt) { ), "xmlrpc" => check_and_push_diagnostic( checker, - DiagnosticKind::from(SuspiciousXmlrpclibImport), + DiagnosticKind::from(SuspiciousXmlrpcImport), identifier.range(), ), + "wsgiref.handlers" => { + for name in names { + if &name.name == "CGIHandler" { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousHttpoxyImport), + identifier.range(), + ); + } + } + } + "twisted.web.twcgi" => { + for name in names { + if &name.name == "CGIScript" { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousHttpoxyImport), + identifier.range(), + ); + } + } + } + "Crypto" => { + for name in names { + if &name.name == "Cipher" + || &name.name == "Hash" + || &name.name == "IO" + || &name.name == "Protocol" + || &name.name == "PublicKey" + || &name.name == "Random" + || &name.name == "Signature" + || &name.name == "Util" + { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousPycryptoImport), + identifier.range(), + ); + } + } + } + "Crypto.Cipher" | "Crypto.Hash" | "Crypto.IO" | "Crypto.Protocol" + | "Crypto.PublicKey" | "Crypto.Random" | "Crypto.Signature" | "Crypto.Util" => { + check_and_push_diagnostic( + checker, + DiagnosticKind::from(SuspiciousPycryptoImport), + identifier.range(), + ); + } "pyghmi" => check_and_push_diagnostic( checker, DiagnosticKind::from(SuspiciousPyghmiImport), diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S405_S405.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S405_S405.py.snap new file mode 100644 index 00000000000000..9f4f8322c927fb --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S405_S405.py.snap @@ -0,0 +1,38 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S405.py:1:8: S405 `xml.etree` methods are vulnerable to XML attacks + | +1 | import xml.etree.cElementTree # S405 + | ^^^^^^^^^^^^^^^^^^^^^^ S405 +2 | from xml.etree import cElementTree # S405 +3 | import xml.etree.ElementTree # S405 + | + +S405.py:2:6: S405 `xml.etree` methods are vulnerable to XML attacks + | +1 | import xml.etree.cElementTree # S405 +2 | from xml.etree import cElementTree # S405 + | ^^^^^^^^^ S405 +3 | import xml.etree.ElementTree # S405 +4 | from xml.etree import ElementTree # S405 + | + +S405.py:3:8: S405 `xml.etree` methods are vulnerable to XML attacks + | +1 | import xml.etree.cElementTree # S405 +2 | from xml.etree import cElementTree # S405 +3 | import xml.etree.ElementTree # S405 + | ^^^^^^^^^^^^^^^^^^^^^ S405 +4 | from xml.etree import ElementTree # S405 + | + +S405.py:4:6: S405 `xml.etree` methods are vulnerable to XML attacks + | +2 | from xml.etree import cElementTree # S405 +3 | import xml.etree.ElementTree # S405 +4 | from xml.etree import ElementTree # S405 + | ^^^^^^^^^ S405 + | + + diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S406_S406.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S406_S406.py.snap new file mode 100644 index 00000000000000..ef1c448cd3579e --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S406_S406.py.snap @@ -0,0 +1,28 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S406.py:1:6: S406 `xml.sax` methods are vulnerable to XML attacks + | +1 | from xml import sax # S406 + | ^^^ S406 +2 | import xml.sax as xmls # S406 +3 | import xml.sax # S406 + | + +S406.py:2:8: S406 `xml.sax` methods are vulnerable to XML attacks + | +1 | from xml import sax # S406 +2 | import xml.sax as xmls # S406 + | ^^^^^^^^^^^^^^^ S406 +3 | import xml.sax # S406 + | + +S406.py:3:8: S406 `xml.sax` methods are vulnerable to XML attacks + | +1 | from xml import sax # S406 +2 | import xml.sax as xmls # S406 +3 | import xml.sax # S406 + | ^^^^^^^ S406 + | + + diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S407_S407.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S407_S407.py.snap new file mode 100644 index 00000000000000..91c88345a4f173 --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S407_S407.py.snap @@ -0,0 +1,18 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S407.py:1:6: S407 `xml.dom.expatbuilder` is vulnerable to XML attacks + | +1 | from xml.dom import expatbuilder # S407 + | ^^^^^^^ S407 +2 | import xml.dom.expatbuilder # S407 + | + +S407.py:2:8: S407 `xml.dom.expatbuilder` is vulnerable to XML attacks + | +1 | from xml.dom import expatbuilder # S407 +2 | import xml.dom.expatbuilder # S407 + | ^^^^^^^^^^^^^^^^^^^^ S407 + | + + diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S408_S408.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S408_S408.py.snap new file mode 100644 index 00000000000000..e42d754a9ec54c --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S408_S408.py.snap @@ -0,0 +1,18 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S408.py:1:6: S408 `xml.dom.minidom` is vulnerable to XML attacks + | +1 | from xml.dom.minidom import parseString # S408 + | ^^^^^^^^^^^^^^^ S408 +2 | import xml.dom.minidom # S408 + | + +S408.py:2:8: S408 `xml.dom.minidom` is vulnerable to XML attacks + | +1 | from xml.dom.minidom import parseString # S408 +2 | import xml.dom.minidom # S408 + | ^^^^^^^^^^^^^^^ S408 + | + + diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S409_S409.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S409_S409.py.snap new file mode 100644 index 00000000000000..e65eacfe96f9ef --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S409_S409.py.snap @@ -0,0 +1,18 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S409.py:1:6: S409 `xml.dom.pulldom` is vulnerable to XML attacks + | +1 | from xml.dom.pulldom import parseString # S409 + | ^^^^^^^^^^^^^^^ S409 +2 | import xml.dom.pulldom # S409 + | + +S409.py:2:8: S409 `xml.dom.pulldom` is vulnerable to XML attacks + | +1 | from xml.dom.pulldom import parseString # S409 +2 | import xml.dom.pulldom # S409 + | ^^^^^^^^^^^^^^^ S409 + | + + diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap new file mode 100644 index 00000000000000..f6acbda39983f5 --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap @@ -0,0 +1,10 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S412.py:1:6: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +1 | from twisted.web.twcgi import CGIScript # S412 + | ^^^^^^^^^^^^^^^^^ S412 + | + + diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S413_S413.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S413_S413.py.snap new file mode 100644 index 00000000000000..fa8676bd2d8a1b --- /dev/null +++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S413_S413.py.snap @@ -0,0 +1,38 @@ +--- +source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs +--- +S413.py:1:8: S413 `pycrypto` library is known to have publicly disclosed buffer overflow vulnerability + | +1 | import Crypto.Hash # S413 + | ^^^^^^^^^^^ S413 +2 | from Crypto.Hash import MD2 # S413 +3 | import Crypto.PublicKey # S413 + | + +S413.py:2:6: S413 `pycrypto` library is known to have publicly disclosed buffer overflow vulnerability + | +1 | import Crypto.Hash # S413 +2 | from Crypto.Hash import MD2 # S413 + | ^^^^^^^^^^^ S413 +3 | import Crypto.PublicKey # S413 +4 | from Crypto.PublicKey import RSA # S413 + | + +S413.py:3:8: S413 `pycrypto` library is known to have publicly disclosed buffer overflow vulnerability + | +1 | import Crypto.Hash # S413 +2 | from Crypto.Hash import MD2 # S413 +3 | import Crypto.PublicKey # S413 + | ^^^^^^^^^^^^^^^^ S413 +4 | from Crypto.PublicKey import RSA # S413 + | + +S413.py:4:6: S413 `pycrypto` library is known to have publicly disclosed buffer overflow vulnerability + | +2 | from Crypto.Hash import MD2 # S413 +3 | import Crypto.PublicKey # S413 +4 | from Crypto.PublicKey import RSA # S413 + | ^^^^^^^^^^^^^^^^ S413 + | + +