[NXDRIVE-1429] Move from pycryptodome to pyca/cryptography library - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 4.0.0
Fix Version/s: NoFixVersionApplicable
Component/s: Framework, Security

Tags:
- nxDrive
Sprint:
nxDrive 10.10.3
Story Points:
1

Description

Running bandit -r nxdrive will highligth this securiy issue considered as high:

>> Issue: [B414:blacklist] The pycryptodome library is not considered a secure alternative to pycrypto.Consider using pyca/cryptography library.
   Severity: High   Confidence: High
   Location: nxdrive/utils.py:458
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b414-import-pycryptodome
457         import base64
458         from Cryptodome.Random import get_random_bytes
459         from Cryptodome.Cipher import AES

Attachments

Activity

People

Assignee:

Mickaël Schoentgen

Reporter:

Mickaël Schoentgen

Participants:

Jenkins, Mickaël Schoentgen

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2018-11-12 16:24

Updated:

2020-07-31 11:32

Resolved:

2018-12-11 16:54

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

30m