a2b0adf225
* Modify rule S3329: Correct example code * Aligned compliant and noncompliant code * Use AES/CBC/PKCS5Padding in all examples for Java and Kotlin
39 lines
858 B
Plaintext
39 lines
858 B
Plaintext
== How to fix it in Cryptodome
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=11,diff-type=noncompliant]
|
|
----
|
|
from Crypto.Cipher import AES
|
|
from Crypto.Random import get_random_bytes
|
|
from Crypto.Util.Padding import pad
|
|
|
|
iv = b"exampleIV1234567"
|
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
cipher.encrypt(pad(data, AES.block_size)) # Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
:explicit_strong: Crypto.Random.get_random_bytes
|
|
|
|
include::../../common/fix/explicit-fix.adoc[]
|
|
|
|
[source,python,diff-id=11,diff-type=compliant]
|
|
----
|
|
from Crypto.Cipher import AES
|
|
from Crypto.Random import get_random_bytes
|
|
from Crypto.Util.Padding import pad
|
|
|
|
iv = get_random_bytes(AES.block_size)
|
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
cipher.encrypt(pad(data, AES.block_size))
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/fix.adoc[]
|
|
|