gitlab.bandit.B505-2

Detected an insufficient curve size for EC. NIST recommends a key size of 224 or higher. For example, use 'ec.SECP256R1'.

Definition

rules:
  - id: bandit.B505-2
    patterns:
      - pattern-inside: cryptography.hazmat.primitives.asymmetric.ec.generate_private_key(...)
    message: |
      Detected an insufficient curve size for EC. NIST recommends
      a key size of 224 or higher. For example, use 'ec.SECP256R1'.
    metadata:
      cwe: "CWE-326: Inadequate Encryption Strength"
      owasp: "A3: Sensitive Data Exposure"
      primary_identifier: bandit.B505-2
      secondary_identifiers:
        - name: Bandit Test ID B505
          type: bandit_test_id
          value: B505
      license: MIT
    severity: WARNING
    languages:
      - python
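
The check the rule message describes, as an added example (not part of the rule definition or of Bandit's own code): a standard-library Python scanner that parses source with ast, reads the bit size from the curve class name, and reports generate_private_key calls using a curve below 224 bits. It matches on names without resolving imports; the sample source and the function names find_weak_curves and curve_bits are constructed for illustration.

```python
import ast
import re

MIN_BITS = 224  # threshold stated in the rule message

# Constructed sample source; it is parsed only, never executed.
SAMPLE = '''
from cryptography.hazmat.primitives.asymmetric import ec
weak = ec.generate_private_key(ec.SECP192R1())
also_weak = ec.generate_private_key(curve=ec.SECT163K1())
ok = ec.generate_private_key(ec.SECP256R1())
unknown = ec.generate_private_key(pick_curve())
'''

def curve_bits(node):
    """Return the size encoded in a curve name such as ec.SECP192R1(), else None."""
    if isinstance(node, ast.Call):  # ec.SECP192R1() -> ec.SECP192R1
        node = node.func
    name = node.attr if isinstance(node, ast.Attribute) else getattr(node, "id", "")
    m = re.fullmatch(r"(?:SECP|SECT|BrainpoolP)(\d+)[A-Z]\d", name)
    return int(m.group(1)) if m else None

def find_weak_curves(source):
    """Return sorted (line, curve, bits) for generate_private_key calls below MIN_BITS."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        fname = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        if fname != "generate_private_key":
            continue
        # The curve is the first positional argument or the curve= keyword.
        args = node.args[:1] + [k.value for k in node.keywords if k.arg == "curve"]
        for arg in args:
            bits = curve_bits(arg)
            # Curves that cannot be sized statically (unknown above) are skipped.
            if bits is not None and bits < MIN_BITS:
                findings.append((node.lineno, ast.unparse(arg), bits))
    return sorted(findings)

if __name__ == "__main__":
    for line, curve, bits in find_weak_curves(SAMPLE):
        print(f"line {line}: {curve} is {bits} bits, below {MIN_BITS}")
```

Curves chosen at runtime, like the pick_curve() call in the sample, are not reported and need manual review.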