Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add further tests of cryptography #177

Merged
merged 1 commit into from
Nov 15, 2023
+174 −2
Merged

Add further tests of cryptography #177

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion precli/rules/python/third_party/cryptography/cryptography_weak_hash.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ def analyze(self, context: dict, **kwargs: dict) -> Result:
rule_id=self.id,
location=Location(
file_name=context["file_name"],
node=call.function_node,
node=call.identifier_node,
),
level=Level.ERROR,
message=self.message.format(call.name_qualified),
Expand Down
5 changes: 5 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/examples/algorithms_arc4.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
# level: ERROR
# start_line: 9
# end_line: 9
# start_column: 38
# end_column: 41
import os

from cryptography.hazmat.primitives.ciphers import algorithms
Expand Down
5 changes: 5 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/examples/algorithms_blowfish.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
# level: ERROR
# start_line: 9
# end_line: 9
# start_column: 38
# end_column: 41
import os

from cryptography.hazmat.primitives.ciphers import algorithms
Expand Down
5 changes: 5 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/examples/algorithms_idea.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
# level: ERROR
# start_line: 9
# end_line: 9
# start_column: 38
# end_column: 41
import os

from cryptography.hazmat.primitives.ciphers import algorithms
Expand Down
6 changes: 5 additions & 1 deletion tests/unit/rules/python/third_party/cryptography/examples/hashes_md5.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
# from cryptography.hazmat.primitives import hashes
# level: ERROR
# start_line: 9
# end_line: 9
# start_column: 38
# end_column: 41
import cryptography


Expand Down
5 changes: 5 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/examples/hashes_sha1.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
# level: ERROR
# start_line: 9
# end_line: 9
# start_column: 7
# end_column: 11
from cryptography.hazmat.primitives import hashes


Expand Down
18 changes: 18 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/examples/modes_ecb.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# level: ERROR
# start_line: 15
# end_line: 15
# start_column: 13
# end_column: 16
import os

from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers import modes


key = os.urandom(32)
algorithm = algorithms.AES(key)
mode = modes.ECB()
cipher = Cipher(algorithm, mode=mode)
encryptor = cipher.encryptor()
ct = encryptor.update(b"a secret message") + encryptor.finalize()
39 changes: 39 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/test_cryptography_weak_cipher.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# Copyright 2023 Secure Saurce LLC
import os

from parameterized import parameterized

from precli.core.level import Level
from precli.parsers import python
from precli.rules import Rule
from tests.unit.rules.python import test_case


class CryptographyWeakCipherTests(test_case.TestCase):
def setUp(self):
super().setUp()
self.rule_id = "PRE0501"
self.parser = python.Python(enabled=[self.rule_id])
self.base_path = os.path.join(
"tests",
"unit",
"rules",
"python",
"third_party",
"cryptography",
"examples",
)

def test_cryptography_weak_cipher_rule_meta(self):
rule = Rule.get_by_id(self.rule_id)
self.assertEqual(self.rule_id, rule.id)
self.assertEqual(
"use_of_a_broken_or_risky_cryptographic_algorithm", rule.name
)
self.assertEqual(
f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url
)
self.assertEqual(True, rule.default_config.enabled)
self.assertEqual(Level.WARNING, rule.default_config.level)
self.assertEqual(-1.0, rule.default_config.rank)
self.assertEqual("327", rule.cwe.cwe_id)
45 changes: 45 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/test_cryptography_weak_cipher_mode.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Copyright 2023 Secure Saurce LLC
import os

from parameterized import parameterized

from precli.core.level import Level
from precli.parsers import python
from precli.rules import Rule
from tests.unit.rules.python import test_case


class CryptographyWeakCipherModeTests(test_case.TestCase):
def setUp(self):
super().setUp()
self.rule_id = "PRE0502"
self.parser = python.Python(enabled=[self.rule_id])
self.base_path = os.path.join(
"tests",
"unit",
"rules",
"python",
"third_party",
"cryptography",
"examples",
)

def test_cryptography_weak_cipher_mode_rule_meta(self):
rule = Rule.get_by_id(self.rule_id)
self.assertEqual(self.rule_id, rule.id)
self.assertEqual("use_of_risky_cryptographic_cipher_mode", rule.name)
self.assertEqual(
f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url
)
self.assertEqual(True, rule.default_config.enabled)
self.assertEqual(Level.WARNING, rule.default_config.level)
self.assertEqual(-1.0, rule.default_config.rank)
self.assertEqual("327", rule.cwe.cwe_id)

@parameterized.expand(
[
"modes_ecb",
]
)
def test(self, filename):
self.check(filename)
46 changes: 46 additions & 0 deletions tests/unit/rules/python/third_party/cryptography/test_cryptography_weak_hash.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Copyright 2023 Secure Saurce LLC
import os

from parameterized import parameterized

from precli.core.level import Level
from precli.parsers import python
from precli.rules import Rule
from tests.unit.rules.python import test_case


class CryptographyWeakHashTests(test_case.TestCase):
def setUp(self):
super().setUp()
self.rule_id = "PRE0503"
self.parser = python.Python(enabled=[self.rule_id])
self.base_path = os.path.join(
"tests",
"unit",
"rules",
"python",
"third_party",
"cryptography",
"examples",
)

def test_cryptography_weak_hash_rule_meta(self):
rule = Rule.get_by_id(self.rule_id)
self.assertEqual(self.rule_id, rule.id)
self.assertEqual("reversible_one_way_hash", rule.name)
self.assertEqual(
f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url
)
self.assertEqual(True, rule.default_config.enabled)
self.assertEqual(Level.WARNING, rule.default_config.level)
self.assertEqual(-1.0, rule.default_config.rank)
self.assertEqual("328", rule.cwe.cwe_id)

@parameterized.expand(
[
"hashes_md5",
"hashes_sha1",
]
)
def test(self, filename):
self.check(filename)