securesauce · ericwb · Dec 31, 2023 · Dec 31, 2023
@@ -39,7 +39,8 @@ def rule_id(self) -> str:
         """
         The ID of the rule.
 
-        The IDs match PREXXXX where XXXX is a unique number.
+        The IDs match ??XXX where ?? is language identifier and XXX is a
+        unique number.
 
         :return: rule ID
         :rtype: str

@@ -19,7 +19,7 @@
 Import = namedtuple("Import", "module alias")
 
 SUPPRESS_COMMENT = re.compile(r"# suppress:? (?P<rules>[^#]+)?#?")
-SUPPRESSED_RULES = re.compile(r"(?:(PRE\d\d\d\d|[a-z_]+),?)+")
+SUPPRESSED_RULES = re.compile(r"(?:(PY\d\d\d|[a-z_]+),?)+")
 
 
 class Python(Parser):

@@ -129,7 +129,7 @@
 
 .. seealso::
 
- - `Improper Hostkey Validation Using SSH <https://docs.securesauce.dev/rules/PRE1501>`_
+ - `Improper Hostkey Validation Using SSH <https://docs.securesauce.dev/rules/GO501>`_
  - `ssh package - golang.org_x_crypto_ssh - Go Packages <https://pkg.go.dev/golang.org/x/crypto/ssh#InsecureIgnoreHostKey>`_
  - `CWE-295: Improper Certificate Validation <https://cwe.mitre.org/data/definitions/295.html>`_
 

@@ -74,7 +74,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak Keys in M2Crypto Module <https://docs.securesauce.dev/rules/PRE0509>`_
+ - `Inadequate Encryption Strength Using Weak Keys in M2Crypto Module <https://docs.securesauce.dev/rules/PY509>`_
  - `m2crypto _ m2crypto · GitLab <https://gitlab.com/m2crypto/m2crypto>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -44,7 +44,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in the PyYAML Module <https://docs.securesauce.dev/rules/PRE0521>`_
+ - `Deserialization of Untrusted Data in the PyYAML Module <https://docs.securesauce.dev/rules/PY521>`_
  - `PyYAML Documentation <https://pyyaml.org/wiki/PyYAMLDocumentation>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
 

@@ -49,7 +49,7 @@
 
 .. seealso::
 
- - `Improper Certificate Validation Using Requests Module <https://docs.securesauce.dev/rules/PRE0501>`_
+ - `Improper Certificate Validation Using Requests Module <https://docs.securesauce.dev/rules/PY501>`_
  - `Advanced Client Usage — aiohttp documentation <https://docs.aiohttp.org/en/stable/client_advanced.html#ssl-control-for-tcp-sockets>`_
  - `CWE-295: Improper Certificate Validation <https://cwe.mitre.org/data/definitions/295.html>`_
 

@@ -107,7 +107,7 @@
 
 .. seealso::
 
- - `Use of a Broken or Risky Cryptographic Algorithm in Cryptography Module <https://docs.securesauce.dev/rules/PRE0502>`_
+ - `Use of a Broken or Risky Cryptographic Algorithm in Cryptography Module <https://docs.securesauce.dev/rules/PY502>`_
  - `Symmetric encryption — Cryptography documentation <https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#weak-ciphers>`_
  - `CWE-327: Use of a Broken or Risky Cryptographic Algorithm <https://cwe.mitre.org/data/definitions/327.html>`_
 

@@ -77,7 +77,7 @@
 
 .. seealso::
 
- - `Use of a Risky Cryptographic Cipher Mode in Cryptography Module <https://docs.securesauce.dev/rules/PRE0503>`_
+ - `Use of a Risky Cryptographic Cipher Mode in Cryptography Module <https://docs.securesauce.dev/rules/PY503>`_
  - `Symmetric encryption — Cryptography documentation <https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#insecure-modes>`_
  - `CWE-327: Use of a Broken or Risky Cryptographic Algorithm <https://cwe.mitre.org/data/definitions/327.html>`_
 

@@ -48,7 +48,7 @@
 
 .. seealso::
 
- - `Reversible One Way Hash in Cryptography Module <https://docs.securesauce.dev/rules/PRE0504>`_
+ - `Reversible One Way Hash in Cryptography Module <https://docs.securesauce.dev/rules/PY504>`_
  - `Message digests (Hashing) — Cryptography <https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/>`_
  - `CWE-328: Use of Weak Hash <https://cwe.mitre.org/data/definitions/328.html>`_
  - `NIST Policy on Hash Functions <https://csrc.nist.gov/projects/hash-functions>`_

@@ -74,7 +74,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak Keys in Cryptography Module <https://docs.securesauce.dev/rules/PRE0505>`_
+ - `Inadequate Encryption Strength Using Weak Keys in Cryptography Module <https://docs.securesauce.dev/rules/PY505>`_
  - `Asymmetric algorithms — Cryptography documentation <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -33,7 +33,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in the Dill Module <https://docs.securesauce.dev/rules/PRE0506>`_
+ - `Deserialization of Untrusted Data in the Dill Module <https://docs.securesauce.dev/rules/PY506>`_
  - `dill package documentation <https://dill.readthedocs.io/en/latest/index.html>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
 

@@ -45,7 +45,7 @@
 
 .. seealso::
 
- - `Improper Certificate Validation Using Httpx Module <https://docs.securesauce.dev/rules/PRE0507>`_
+ - `Improper Certificate Validation Using Httpx Module <https://docs.securesauce.dev/rules/PY507>`_
  - `HTTPX <https://www.python-httpx.org/>`_
  - `CWE-295: Improper Certificate Validation <https://cwe.mitre.org/data/definitions/295.html>`_
 

@@ -34,7 +34,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in JsonPickle Module <https://docs.securesauce.dev/rules/PRE0508>`_
+ - `Deserialization of Untrusted Data in JsonPickle Module <https://docs.securesauce.dev/rules/PY508>`_
  - `jsonpickle Documentation <https://jsonpickle.github.io/>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
  - `pickle — Python object serialization <https://docs.python.org/3/library/pickle.html>`_

@@ -45,7 +45,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in Pandas Module <https://docs.securesauce.dev/rules/PRE0510>`_
+ - `Deserialization of Untrusted Data in Pandas Module <https://docs.securesauce.dev/rules/PY510>`_
  - `Input_output — pandas <https://pandas.pydata.org/docs/reference/io.html#pickling>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
  - `pickle — Python object serialization <https://docs.python.org/3/library/pickle.html>`_

@@ -48,7 +48,7 @@
 
 .. seealso::
 
- - `Improper Certificate Validation Using Paramiko Module <https://docs.securesauce.dev/rules/PRE0511>`_
+ - `Improper Certificate Validation Using Paramiko Module <https://docs.securesauce.dev/rules/PY511>`_
  - `Paramiko’s documentation <https://docs.paramiko.org/en/latest/>`_
  - `CWE-295: Improper Certificate Validation <https://cwe.mitre.org/data/definitions/295.html>`_
 

@@ -103,7 +103,7 @@
 
 .. seealso::
 
- - `Use of a Broken or Risky Cryptographic Algorithm in PyCrypto Module <https://docs.securesauce.dev/rules/PRE0512>`_
+ - `Use of a Broken or Risky Cryptographic Algorithm in PyCrypto Module <https://docs.securesauce.dev/rules/PY512>`_
  - `PyCrypto - The Python Cryptography Toolkit <https://www.pycrypto.org/>`_
  - `CWE-327: Use of a Broken or Risky Cryptographic Algorithm <https://cwe.mitre.org/data/definitions/327.html>`_
 

@@ -63,7 +63,7 @@
 
 .. seealso::
 
- - `Reversible One Way Hash in PyCrypto Module <https://docs.securesauce.dev/rules/PRE0513>`_
+ - `Reversible One Way Hash in PyCrypto Module <https://docs.securesauce.dev/rules/PY513>`_
  - `PyCrypto - The Python Cryptography Toolkit <https://www.pycrypto.org/>`_
  - `CWE-328: Use of Weak Hash <https://cwe.mitre.org/data/definitions/328.html>`_
  - `NIST Policy on Hash Functions <https://csrc.nist.gov/projects/hash-functions>`_

@@ -62,7 +62,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak Keys in PyCrypto Module <https://docs.securesauce.dev/rules/PRE0514>`_
+ - `Inadequate Encryption Strength Using Weak Keys in PyCrypto Module <https://docs.securesauce.dev/rules/PY514>`_
  - `PyCrypto - The Python Cryptography Toolkit <https://www.pycrypto.org/>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -103,7 +103,7 @@
 
 .. seealso::
 
- - `Use of a Broken or Risky Cryptographic Algorithm in PyCrypto Module <https://docs.securesauce.dev/rules/PRE0515>`_
+ - `Use of a Broken or Risky Cryptographic Algorithm in PyCrypto Module <https://docs.securesauce.dev/rules/PY515>`_
  - `PyCryptodome <https://www.pycryptodome.org/>`_
  - `CWE-327: Use of a Broken or Risky Cryptographic Algorithm <https://cwe.mitre.org/data/definitions/327.html>`_
 

@@ -63,7 +63,7 @@
 
 .. seealso::
 
- - `Reversible One Way Hash in PyCryptodomex Module <https://docs.securesauce.dev/rules/PRE0516>`_
+ - `Reversible One Way Hash in PyCryptodomex Module <https://docs.securesauce.dev/rules/PY516>`_
  - `PyCryptodome <https://www.pycryptodome.org/>`_
  - `CWE-328: Use of Weak Hash <https://cwe.mitre.org/data/definitions/328.html>`_
  - `NIST Policy on Hash Functions <https://csrc.nist.gov/projects/hash-functions>`_

@@ -62,7 +62,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak Keys in PyCrypto Module <https://docs.securesauce.dev/rules/PRE0517>`_
+ - `Inadequate Encryption Strength Using Weak Keys in PyCrypto Module <https://docs.securesauce.dev/rules/PY517>`_
  - `PyCryptodome <https://www.pycryptodome.org/>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -87,7 +87,7 @@
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Pyghmi Module <https://docs.securesauce.dev/rules/PRE0518>`_
+ - `Cleartext Transmission of Sensitive Information in the Pyghmi Module <https://docs.securesauce.dev/rules/PY518>`_
  - `Documentation — pyghmi documentation <https://docs.openstack.org/pyghmi/latest/>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
  - `Risks of Using the Intelligent Platform Management Interface (IPMI) CISA <https://www.cisa.gov/news-events/alerts/2013/07/26/risks-using-intelligent-platform-management-interface-ipmi>`_

@@ -54,7 +54,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak SSL Protocols <https://docs.securesauce.dev/rules/PRE0519>`_
+ - `Inadequate Encryption Strength Using Weak SSL Protocols <https://docs.securesauce.dev/rules/PY519>`_
  - `pyOpenSSL’s documentation <https://www.pyopenssl.org/en/latest/>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -62,7 +62,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak Keys in PyOpenSSL Module <https://docs.securesauce.dev/rules/PRE0520>`_
+ - `Inadequate Encryption Strength Using Weak Keys in PyOpenSSL Module <https://docs.securesauce.dev/rules/PY520>`_
  - `crypto — Generic cryptographic module — pyOpenSSL documentation <https://www.pyopenssl.org/en/latest/api/crypto.html#pkey-objects>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -45,7 +45,7 @@
 
 .. seealso::
 
- - `Improper Certificate Validation Using Requests Module <https://docs.securesauce.dev/rules/PRE0522>`_
+ - `Improper Certificate Validation Using Requests Module <https://docs.securesauce.dev/rules/PY522>`_
  - `Requests HTTP for Humans™ <https://requests.readthedocs.io/en/latest/>`_
  - `CWE-295: Improper Certificate Validation <https://cwe.mitre.org/data/definitions/295.html>`_
 

@@ -89,7 +89,7 @@
 
 .. seealso::
 
- - `Reversible One Way Hash in Crypt Module <https://docs.securesauce.dev/rules/PRE0002>`_
+ - `Reversible One Way Hash in Crypt Module <https://docs.securesauce.dev/rules/PY002>`_
  - `crypt — Function to check Unix passwords <https://docs.python.org/3/library/crypt.html>`_
  - `CWE-328: Use of Weak Hash <https://cwe.mitre.org/data/definitions/328.html>`_
  - `NIST Policy on Hash Functions <https://csrc.nist.gov/projects/hash-functions>`_

@@ -75,7 +75,7 @@
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Ftplib Module <https://docs.securesauce.dev/rules/PRE0003>`_
+ - `Cleartext Transmission of Sensitive Information in the Ftplib Module <https://docs.securesauce.dev/rules/PY003>`_
  - `ftplib — FTP protocol client <https://docs.python.org/3/library/ftplib.html>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
  - https://www.paramiko.org/

@@ -75,7 +75,7 @@
 
 .. seealso::
 
- - `Reversible One Way Hash in Hashlib Module <https://docs.securesauce.dev/rules/PRE0004>`_
+ - `Reversible One Way Hash in Hashlib Module <https://docs.securesauce.dev/rules/PY004>`_
  - `hashlib — Secure hashes and message digests <https://docs.python.org/3/library/hashlib.html>`_
  - `CWE-328: Use of Weak Hash <https://cwe.mitre.org/data/definitions/328.html>`_
  - `NIST Policy on Hash Functions <https://csrc.nist.gov/projects/hash-functions>`_

@@ -72,7 +72,7 @@
 
 .. seealso::
 
- - `Observable Timing Discrepancy in Hmac Module <https://docs.securesauce.dev/rules/PRE0005>`_
+ - `Observable Timing Discrepancy in Hmac Module <https://docs.securesauce.dev/rules/PY005>`_
  - `hmac — Keyed-Hashing for Message Authentication <https://docs.python.org/3/library/hmac.html>`_
  - `CWE-208: Observable Timing Discrepancy <https://cwe.mitre.org/data/definitions/208.html>`_
 

@@ -67,7 +67,7 @@
 
 .. seealso::
 
- - `Reversible One Way Hash in Hmac Module <https://docs.securesauce.dev/rules/PRE0006>`_
+ - `Reversible One Way Hash in Hmac Module <https://docs.securesauce.dev/rules/PY006>`_
  - `hmac — Keyed-Hashing for Message Authentication <https://docs.python.org/3/library/hmac.html>`_
  - `CWE-328: Use of Weak Hash <https://cwe.mitre.org/data/definitions/328.html>`_
  - `NIST Policy on Hash Functions <https://csrc.nist.gov/projects/hash-functions>`_

@@ -63,7 +63,7 @@
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Imaplib Module <https://docs.securesauce.dev/rules/PRE0007>`_
+ - `Cleartext Transmission of Sensitive Information in the Imaplib Module <https://docs.securesauce.dev/rules/PY007>`_
  - `imaplib — IMAP4 protocol client <https://docs.python.org/3/library/imaplib.html>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
 

@@ -33,7 +33,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in the Json Module <https://docs.securesauce.dev/rules/PRE0008>`_
+ - `Deserialization of Untrusted Data in the Json Module <https://docs.securesauce.dev/rules/PY008>`_
  - `json — JSON encoder and decoder <https://docs.python.org/3/library/json.html>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
 

@@ -48,7 +48,7 @@ def validate(recv: bytes):
 
 .. seealso::
 
- - `Code Injection in Logging Config <https://docs.securesauce.dev/rules/PRE0009>`_
+ - `Code Injection in Logging Config <https://docs.securesauce.dev/rules/PY009>`_
  - `logging.config — Logging configuration <https://docs.python.org/3/library/logging.config.html#module-logging.config>`_
  - `CWE-94: Improper Control of Generation of Code ('Code Injection') <https://cwe.mitre.org/data/definitions/94.html>`_
 

@@ -38,7 +38,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in the Marshal Module <https://docs.securesauce.dev/rules/PRE0010>`_
+ - `Deserialization of Untrusted Data in the Marshal Module <https://docs.securesauce.dev/rules/PY010>`_
  - `marshal — Internal Python object serialization <https://docs.python.org/3/library/marshal.html>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
 

@@ -48,7 +48,7 @@
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Nntplib Module <https://docs.securesauce.dev/rules/PRE0011>`_
+ - `Cleartext Transmission of Sensitive Information in the Nntplib Module <https://docs.securesauce.dev/rules/PY011>`_
  - `nntplib — NNTP protocol client <https://docs.python.org/3/library/nntplib.html>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
 

@@ -49,7 +49,7 @@ def load_pickle_file(file_path):
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in Pickle Module <https://docs.securesauce.dev/rules/PRE0012>`_
+ - `Deserialization of Untrusted Data in Pickle Module <https://docs.securesauce.dev/rules/PY012>`_
  - `pickle — Python object serialization <https://docs.python.org/3/library/pickle.html>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
  - `json — JSON encoder and decoder <https://docs.python.org/3/library/json.html>`_

@@ -59,7 +59,7 @@
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Poplib Module <https://docs.securesauce.dev/rules/PRE0013>`_
+ - `Cleartext Transmission of Sensitive Information in the Poplib Module <https://docs.securesauce.dev/rules/PY013>`_
  - `poplib — POP3 protocol client <https://docs.python.org/3/library/poplib.html>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
 

@@ -37,7 +37,7 @@
 
 .. seealso::
 
- - `Deserialization of Untrusted Data in the Shelve Module <https://docs.securesauce.dev/rules/PRE0014>`_
+ - `Deserialization of Untrusted Data in the Shelve Module <https://docs.securesauce.dev/rules/PY014>`_
  - `shelve — Python object persistence <https://docs.python.org/3/library/shelve.html>`_
  - `CWE-502: Deserialization of Untrusted Data <https://cwe.mitre.org/data/definitions/502.html>`_
 

@@ -92,7 +92,7 @@ def prompt(prompt):
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Smtplib Module <https://docs.securesauce.dev/rules/PRE0015>`_
+ - `Cleartext Transmission of Sensitive Information in the Smtplib Module <https://docs.securesauce.dev/rules/PY015>`_
  - `smtplib — SMTP protocol client <https://docs.python.org/3/library/smtplib.html>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
 

@@ -49,7 +49,7 @@
 
 .. seealso::
 
- - `Improper Certificate Validation Using ssl._create_unverified_context <https://docs.securesauce.dev/rules/PRE0016>`_
+ - `Improper Certificate Validation Using ssl._create_unverified_context <https://docs.securesauce.dev/rules/PY016>`_
  - `ssl — TLS/SSL wrapper for socket objects <https://docs.python.org/3/library/ssl.html>`_
  - `CWE-295: Improper Certificate Validation <https://cwe.mitre.org/data/definitions/295.html>`_
 

@@ -66,7 +66,7 @@
 
 .. seealso::
 
- - `Inadequate Encryption Strength Using Weak SSL Protocols <https://docs.securesauce.dev/rules/PRE0017>`_
+ - `Inadequate Encryption Strength Using Weak SSL Protocols <https://docs.securesauce.dev/rules/PY017>`_
  - `ssl — TLS/SSL wrapper for socket objects <https://docs.python.org/3/library/ssl.html>`_
  - `CWE-326: Inadequate Encryption Strength <https://cwe.mitre.org/data/definitions/326.html>`_
 

@@ -101,7 +101,7 @@
 
 .. seealso::
 
- - `Cleartext Transmission of Sensitive Information in the Telnetlib Module <https://docs.securesauce.dev/rules/PRE0018>`_
+ - `Cleartext Transmission of Sensitive Information in the Telnetlib Module <https://docs.securesauce.dev/rules/PY018>`_
  - `telnetlib — Telnet client <https://docs.python.org/3/library/telnetlib.html>`_
  - `CWE-319: Cleartext Transmission of Sensitive Information <https://cwe.mitre.org/data/definitions/319.html>`_
  - https://www.paramiko.org/

@@ -47,7 +47,7 @@
 
 .. seealso::
 
- - `Insecure Temporary File in the Tempfile Module <https://docs.securesauce.dev/rules/PRE0019>`_
+ - `Insecure Temporary File in the Tempfile Module <https://docs.securesauce.dev/rules/PY019>`_
  - `tempfile — Generate temporary files and directories <https://docs.python.org/3/library/tempfile.html#tempfile.mktemp>`_
  - `CWE-377: Insecure Temporary File <https://cwe.mitre.org/data/definitions/377.html>`_