Uploaded image for project: 'Nuxeo Drive '
  1. Nuxeo Drive
  2. NXDRIVE-1429

Move from pycryptodome to pyca/cryptography library

    XMLWordPrintable

    Details

    • Tags:
    • Sprint:
      nxDrive 10.10.3
    • Story Points:
      1

      Description

      Running bandit -r nxdrive will highligth this securiy issue considered as high:

      >> Issue: [B414:blacklist] The pycryptodome library is not considered a secure alternative to pycrypto.Consider using pyca/cryptography library.
         Severity: High   Confidence: High
         Location: nxdrive/utils.py:458
         More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b414-import-pycryptodome
      457         import base64
      458         from Cryptodome.Random import get_random_bytes
      459         from Cryptodome.Cipher import AES
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m

                  PagerDuty