The cryptography package provides recipes (Fernet) and primitives (hazmat). Fernet is the recommended symmetric encryption helper. Findings arise when hazmat primitives are used with obsolete algorithms (MD5, DES, RC4) or ECB mode.
`.Fernet()` (Sanitizer): `cryptography.fernet.Fernet(key: bytes) -> Fernet`
Authenticated symmetric encryption. Safe.

`.Fernet.encrypt()` (Sanitizer): `Fernet.encrypt(data: bytes) -> bytes`
Encrypts a message. Safe.

`.Fernet.decrypt()` (Sanitizer): `Fernet.decrypt(token: bytes, ttl: int = None) -> bytes`
Decrypts and authenticates. Raises on tampering. Safe.

`.Cipher()` (Neutral): `cryptography.hazmat.primitives.ciphers.Cipher(algorithm, mode, backend=None) -> Cipher`
Low-level cipher. Finding when algorithm is DES/3DES/RC4 or mode is ECB.

| FQN | Field |
|---|---|
| cryptography | fqns[0] |
| cryptography.fernet | fqns[1] |
| cryptography.hazmat | fqns[2] |

A wrong FQN yields 0 findings. To verify that matching depends on the FQN, change `fqns` to garbage values: the rule must then produce 0 results.
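
The `Cipher()` finding condition and the wrong-FQN check described above, sketched as an added example that is not Code Pathfinder's own code or rule engine: a standard-library `ast` scan that resolves imports to FQNs and flags `Cipher(...)` calls whose arguments are `TripleDES`, `ARC4` or `ECB`. The function names, the `WEAK` table and the sample source are constructed for illustration, and only the 3DES, RC4 and ECB cases are covered.

```python
import ast

# Assumed mapping: cryptography class names for the page's 3DES, RC4 and ECB cases.
WEAK = {"TripleDES": "3DES", "ARC4": "RC4", "ECB": "ECB mode"}

def resolve_imports(tree):
    """Map locally bound names to the fully qualified names they were imported as."""
    names = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                names[a.asname or a.name] = f"{node.module}.{a.name}"
        elif isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                names[a.asname or root] = a.name if a.asname else root
    return names

def dotted(node, names):
    """Resolve a Name/Attribute chain to an FQN ('' if not rooted in an import)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    root = names.get(node.id) if isinstance(node, ast.Name) else None
    return ".".join([root] + parts[::-1]) if root else ""

def find_weak_ciphers(source, fqns=("cryptography.hazmat",)):
    """Return sorted (line, label) pairs for Cipher(...) calls using a weak algorithm or mode."""
    tree = ast.parse(source)
    names = resolve_imports(tree)
    findings = []
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        fqn = dotted(call.func, names)
        if fqn.endswith(".Cipher") and fqn.startswith(tuple(fqns)):
            for arg in call.args + [k.value for k in call.keywords]:
                inner = arg.func if isinstance(arg, ast.Call) else arg
                leaf = dotted(inner, names).rsplit(".", 1)[-1]
                if leaf in WEAK:
                    findings.append((call.lineno, WEAK[leaf]))
    return sorted(findings)

# Constructed sample source; it is parsed only, never executed.
SAMPLE = '''\
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
token = Fernet(key).encrypt(b"msg")
weak = Cipher(algorithms.TripleDES(key), modes.ECB())
ok = Cipher(algorithms.AES(key), modes.GCM(nonce))
'''
```

Calling `find_weak_ciphers(SAMPLE)` reports the 3DES and ECB uses on line 4 and nothing for the Fernet or AES-GCM lines; passing a garbage prefix in `fqns` returns an empty list, mirroring the 0-results check.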

```python
from codepathfinder.go_rule import PyCryptography
```