Revert "Remove comments indicating FP or TP"
This reverts commit 42cdf985ca.
This commit is contained in:
Alexander Braml
@@ -1,4 +1,10 @@
|
||||
"""Cryptography utilities - streamlined version."""
|
||||
"""Cryptography utilities - streamlined version.
|
||||
|
||||
FINDING CLASSIFICATIONS:
|
||||
- TRUE POSITIVE (TP): Actual security vulnerability
|
||||
- FALSE POSITIVE (FP): Flagged but not a real issue in context
|
||||
- UNCERTAIN: Could be either depending on deployment context
|
||||
"""
|
||||
|
||||
import os
|
||||
import random
|
||||
@@ -16,12 +22,16 @@ from cryptography.hazmat.backends import default_backend
|
||||
# =============================================================================
|
||||
|
||||
|
||||
# TP: Hardcoded production key
|
||||
PRODUCTION_KEY = b"aK9$mX2#pL7@nQ4&wE8*rT5%yU1!oI3^"
|
||||
|
||||
# FP: Example/placeholder key clearly marked
|
||||
EXAMPLE_KEY = "REPLACE_THIS_KEY_IN_PRODUCTION"
|
||||
|
||||
# FP: Test key with test prefix
|
||||
TEST_API_KEY = "test_sk_4eC39HqLyjWDarjtT1zdp7dc"
|
||||
|
||||
# UNCERTAIN: Looks real but might be intentionally fake
|
||||
BACKUP_KEY = "bkp_2024_xK9mP2sL7nQ4wE8rT5yU1oI3aB6cD"
|
||||
|
||||
|
||||
@@ -31,30 +41,30 @@ BACKUP_KEY = "bkp_2024_xK9mP2sL7nQ4wE8rT5yU1oI3aB6cD"
|
||||
|
||||
|
||||
def generate_session_token_insecure() -> str:
|
||||
"""Using random for session token."""
|
||||
"""TP: Using random for session token."""
|
||||
chars = string.ascii_letters + string.digits
|
||||
return "".join(random.choice(chars) for _ in range(32))
|
||||
|
||||
|
||||
def generate_otp_insecure() -> str:
|
||||
"""Using random for OTP."""
|
||||
"""TP: Using random for OTP."""
|
||||
return str(random.randint(100000, 999999))
|
||||
|
||||
|
||||
def generate_session_token_secure() -> str:
|
||||
"""Using secrets for session token."""
|
||||
"""FP: Using secrets for session token."""
|
||||
return secrets.token_urlsafe(32)
|
||||
|
||||
|
||||
def shuffle_playlist(songs: list) -> list:
|
||||
"""random is fine for non-security shuffling."""
|
||||
"""FP: random is fine for non-security shuffling."""
|
||||
result = songs.copy()
|
||||
random.shuffle(result)
|
||||
return result
|
||||
|
||||
|
||||
def roll_dice() -> int:
|
||||
"""random for game mechanics."""
|
||||
"""FP: random for game mechanics."""
|
||||
return random.randint(1, 6)
|
||||
|
||||
|
||||
@@ -64,14 +74,14 @@ def roll_dice() -> int:
|
||||
|
||||
|
||||
def encrypt_ecb(key: bytes, data: bytes) -> bytes:
|
||||
"""ECB mode reveals patterns."""
|
||||
"""TP: ECB mode reveals patterns."""
|
||||
cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())
|
||||
encryptor = cipher.encryptor()
|
||||
return encryptor.update(data) + encryptor.finalize()
|
||||
|
||||
|
||||
def encrypt_cbc_random_iv(key: bytes, data: bytes) -> Tuple[bytes, bytes]:
|
||||
"""CBC with random IV is secure."""
|
||||
"""FP: CBC with random IV is secure."""
|
||||
iv = os.urandom(16)
|
||||
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
|
||||
encryptor = cipher.encryptor()
|
||||
@@ -84,7 +94,7 @@ def encrypt_cbc_random_iv(key: bytes, data: bytes) -> Tuple[bytes, bytes]:
|
||||
|
||||
|
||||
def create_insecure_context() -> ssl.SSLContext:
|
||||
"""Certificate verification disabled."""
|
||||
"""TP: Certificate verification disabled."""
|
||||
context = ssl.create_default_context()
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
@@ -92,7 +102,7 @@ def create_insecure_context() -> ssl.SSLContext:
|
||||
|
||||
|
||||
def create_secure_context() -> ssl.SSLContext:
|
||||
"""Properly configured secure context."""
|
||||
"""FP: Properly configured secure context."""
|
||||
context = ssl.create_default_context()
|
||||
context.check_hostname = True
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
|
||||
Reference in New Issue
Block a user