So I was asked to come up with some automated possibility to check Python code (provided by devs) for adherence to crypto best practices according to different recommendations (mostly German BSI). Most of the time this boils down to looking for usage of e.g. MD5, SHA1 or the key length in RSA and such stuff.
I could do this somehow with regex but this seems a bit cumbersome and tbh I don't know all the necessary libs and what the function calls look like (to create the regex). I do know that the Bandit SAST tool has rules to find MD5/SHA1/... but these are not really sufficient (although a good start).
What would be a good possibility to identify usage of such insecure functions? Just regex, writing my own Bandit rules or something different?
Thx
from How do I automatically identify crypto best practices in python code
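One possibility beyond regex, as an added example that is not from the original post: a small checker built on Python's own `ast` module, which sees the real call structure (including `hashlib.new("sha1")` and keyword arguments such as `key_size`) instead of matching text. The weak-hash set, the 3000-bit RSA threshold and the sample snippet are assumptions constructed for illustration and should be set from the recommendation actually being applied.

```python
import ast

# Hash constructors that current recommendations (e.g. BSI TR-02102-1) no longer
# accept for new designs, and the minimum RSA modulus length to enforce. Both are
# assumptions here and must be set from the guideline actually being applied.
WEAK_HASHES = {"md5", "sha1"}
MIN_RSA_BITS = 3000


def _dotted_name(node):
    # 'hashlib.md5' for a Name/Attribute chain, None for anything else
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None


def _int_keyword(call, name):
    # integer literal passed as keyword `name`, or None if absent or not a literal
    for kw in call.keywords:
        if kw.arg == name and isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, int):
            return kw.value.value
    return None


def scan_source(source):
    # walk every call in the parsed module; return sorted (lineno, message) findings
    findings = []
    for node in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)):
        name = _dotted_name(node.func) or ""
        func = name.rsplit(".", 1)[-1]
        if func in WEAK_HASHES:  # hashlib.md5(...) or bare md5(...) after a from-import
            findings.append((node.lineno, f"weak hash {name}"))
        elif func == "new" and node.args and isinstance(node.args[0], ast.Constant) \
                and str(node.args[0].value).lower() in WEAK_HASHES:  # hashlib.new("sha1")
            findings.append((node.lineno, f"weak hash {name}({node.args[0].value!r})"))
        elif func == "generate_private_key":  # cryptography: rsa.generate_private_key(...)
            bits = _int_keyword(node, "key_size")
            if bits is not None and bits < MIN_RSA_BITS:
                findings.append((node.lineno, f"RSA key_size {bits} < {MIN_RSA_BITS}"))
    return sorted(findings)


# Constructed sample input (not real project code) to run the checker against.
SAMPLE = """\
import hashlib
digest = hashlib.md5(data).hexdigest()
h = hashlib.new("sha1")
ok = hashlib.sha256(data)
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
"""
```

Bandit's own plugins work on the same `ast` nodes, so checks like these can be packaged as custom Bandit rules once the call patterns to flag are settled.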