981e54d330
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
39 lines
860 B
Plaintext
39 lines
860 B
Plaintext
== How to fix it in Cryptodome
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
from Crypto.Cipher import AES
|
|
from Crypto.Random import get_random_bytes
|
|
from Crypto.Util.Padding import pad
|
|
|
|
iv = "doNotTryThis@Home2023"
|
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
cipher.encrypt(pad(data, AES.block_size)) # Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
:explicit_strong: Crypto.Random.get_random_bytes
|
|
|
|
include::../../common/fix/explicit-fix.adoc[]
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
from Crypto.Cipher import AES
|
|
from Crypto.Random import get_random_bytes
|
|
from Crypto.Util.Padding import pad
|
|
|
|
iv = get_random_bytes(AES.block_size)
|
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
cipher.encrypt(pad(data, AES.block_size))
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/fix.adoc[]
|
|
|