gitlab.bandit.B305

Download count: 385

Detected ECB cipher mode which is considered insecure. The algorithm can potentially leak information about the plaintext. Use CBC mode instead.

Definition

rules:
  - id: bandit.B305
    pattern: cryptography.hazmat.primitives.ciphers.modes.ECB(...)
    message: |
      Detected ECB cipher mode which is considered insecure. The algorithm can
      potentially leak information about the plaintext. Use CBC mode instead.
    metadata:
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      owasp: "A3: Sensitive Data Exposure"
      primary_identifier: bandit.B305
      secondary_identifiers:
        - name: Bandit Test ID B305
          type: bandit_test_id
          value: B305
      license: MIT
    severity: WARNING
    languages:
      - python