gitlab.bandit.B505-1
Detected an insufficient key size for DSA. NIST recommends a key size of 2048 or higher.
Definition
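rules:
  # Flags RSA and DSA key generation calls whose requested key size is a
  # literal below 2048 bits (CWE-326). Covers the `cryptography` package and
  # the PyCrypto / PyCryptodome(x) `generate` helpers.
  - id: bandit.B505-1
    patterns:
      - pattern-either:
          # cryptography: key size given as keyword, second or first positional.
          - pattern: cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key(..., key_size=$SIZE, ...)
          - pattern: cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key($EXP, $SIZE, ...)
          # NOTE(review): for RSA the first positional argument appears to be
          # the public exponent, not the key size, so this pattern would report
          # a small exponent under a key-size message. Confirm it is intended.
          - pattern: cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key($SIZE, ...)
          - pattern: cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key(..., key_size=$SIZE, ...)
          - pattern: cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key($EXP, $SIZE, ...)
          - pattern: cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key($SIZE, ...)
          # PyCrypto / PyCryptodome(x): key size as first positional or `bits=`.
          - pattern: Crypto.PublicKey.RSA.generate($SIZE, ...)
          - pattern: Crypto.PublicKey.DSA.generate($SIZE, ...)
          - pattern: Cryptodome.PublicKey.DSA.generate($SIZE, ...)
          - pattern: Cryptodome.PublicKey.RSA.generate($SIZE, ...)
          # The RSA `bits=` forms were missing while the DSA ones were present,
          # so a weak RSA key requested by keyword went unreported.
          - pattern: Crypto.PublicKey.RSA.generate(bits=$SIZE, ...)
          - pattern: Cryptodome.PublicKey.RSA.generate(bits=$SIZE, ...)
          - pattern: Crypto.PublicKey.DSA.generate(bits=$SIZE, ...)
          - pattern: Cryptodome.PublicKey.DSA.generate(bits=$SIZE, ...)
          # Alias names as written in the original rule.
          - pattern: pycrypto_rsa.generate(bits=$SIZE, ...)
          - pattern: pycrypto_dsa.generate(bits=$SIZE, ...)
          - pattern: pycryptodomex_rsa.generate(bits=$SIZE, ...)
          - pattern: pycryptodomex_rsa.generate($SIZE, ...)
          - pattern: pycryptodomex_dsa.generate(bits=$SIZE, ...)
          - pattern: pycryptodomex_dsa.generate($SIZE, ...)
      # Only a size the engine can evaluate as a number is compared; a size
      # computed at run time is not covered by this rule.
      - metavariable-comparison:
          metavariable: $SIZE
          comparison: $SIZE < 2048
    # The patterns match RSA as well as DSA, so the message names both.
    message: |
      Detected an insufficient key size for RSA or DSA. NIST recommends
      a key size of 2048 or higher.
    metadata:
      cwe: "CWE-326: Inadequate Encryption Strength"
      owasp: "A3: Sensitive Data Exposure"
      primary_identifier: bandit.B505-1
      secondary_identifiers:
        - name: Bandit Test ID B505-1
          type: bandit_test_id
          value: B505-1
      license: MIT
    severity: WARNING
    languages:
      - python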
Short Link: https://sg.run/XL9j