ruff/crates
Mathieu Kniewallner 598974545b
feat(rules): implement flake8-bandit S505 (#7703)
Part of #1646.

## Summary

Implement `S505`
([`weak_cryptographic_key`](https://bandit.readthedocs.io/en/latest/plugins/b505_weak_cryptographic_key.html))
rule from `bandit`.

For this rule, `bandit` [reports the issue
with](https://github.com/PyCQA/bandit/blob/1.7.5/bandit/plugins/weak_cryptographic_key.py#L47-L56):
- medium severity for DSA/RSA < 2048 bits and EC < 224 bits
- high severity for DSA/RSA < 1024 bits and EC < 160 bits

Since Ruff does not handle severities for `bandit`-related rules, we
could either report the issue if we have lower values than medium
severity, or lower values than the high one. Two reasons led me to choose
the first option:
- a medium severity issue is still a security issue we would want to
report to the user, who can then decide to either handle the issue or
ignore it
- `bandit` [maps the EC key algorithms to their respective key lengths
in
bits](https://github.com/PyCQA/bandit/blob/1.7.5/bandit/plugins/weak_cryptographic_key.py#L112-L133),
but there is no value below 160 bits, so technically `bandit` would
never report medium severity issues for EC keys, only high ones

Another consideration is that as shared just above, for EC key
algorithms, `bandit` has a mapping to map the algorithms to their
respective key lengths. In the implementation in Ruff, I rather went
with an explicit list of EC algorithms known to be vulnerable (which
would thus be reported) rather than implementing a mapping to retrieve
the associated key length and comparing it with the minimum value.

## Test Plan

Snapshot tests from
https://github.com/PyCQA/bandit/blob/1.7.5/examples/weak_cryptographic_key_sizes.py.
2023-09-28 21:27:37 -04:00
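The following is an added illustration of the thresholds and the explicit-curve-list approach described in the message; it is example code, not ruff's or bandit's implementation. It is a small `ast`-based checker that applies the S505 logic to Python source, and the set of curves below 224 bits is an assumption drawn from bandit's mapping.

```python
import ast

# Thresholds from bandit's medium-severity level, which S505 adopts.
MIN_BITS = {"rsa": 2048, "dsa": 2048}
# Assumption: the curves whose length in bandit's mapping is below 224 bits.
WEAK_EC_CURVES = {"SECP192R1", "SECT163K1", "SECT163R2"}
# Callee suffix -> (key family, keyword name, positional index of that argument).
CALLS = {
    "rsa.generate_private_key": ("rsa", "key_size", 1),
    "dsa.generate_private_key": ("dsa", "key_size", 0),
    "ec.generate_private_key": ("ec", "curve", 0),
}

def _dotted(node) -> str:
    """Render a callee or curve such as `ec.SECP192R1` as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    parts.append(node.id if isinstance(node, ast.Name) else "?")
    return ".".join(reversed(parts))

def find_weak_keys(source: str) -> list[tuple[int, str]]:
    """Return (line, message) for every weak key-generation call in `source`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        callee = _dotted(node.func)
        for suffix, (family, keyword, index) in CALLS.items():
            if callee != suffix and not callee.endswith("." + suffix):
                continue
            keywords = {kw.arg: kw.value for kw in node.keywords}  # keyword args by name
            arg = keywords.get(keyword, node.args[index] if len(node.args) > index else None)
            if family == "ec":  # curves are passed as instances, e.g. ec.SECP192R1()
                curve = _dotted(arg.func if isinstance(arg, ast.Call) else arg).split(".")[-1]
                if curve in WEAK_EC_CURVES:
                    findings.append((node.lineno, f"EC curve {curve} is weaker than 224 bits"))
            elif isinstance(arg, ast.Constant) and isinstance(arg.value, int) and arg.value < MIN_BITS[family]:
                findings.append((node.lineno, f"{family.upper()} key size {arg.value} is below {MIN_BITS[family]} bits"))
    return findings

# Constructed sample input: lines 2 and 4 should be reported, 3 and 5 should not.
SAMPLE = """\
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
rsa.generate_private_key(public_exponent=65537, key_size=1024)
dsa.generate_private_key(2048)
ec.generate_private_key(curve=ec.SECP192R1())
ec.generate_private_key(ec.SECP256R1())
"""
```

Only integer literals and curve classes named directly in the call are inspected, matching the literal-only checks the rule performs; sizes computed at runtime are not reported.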
| Crate | Last commit | Date |
|---|---|---|
| flake8_to_ruff | Add explicit-preview-rules to toggle explicit selection of preview rules (#7390) | 2023-09-28 15:00:33 -05:00 |
| ruff_benchmark | Formatter and parser refactoring (#7569) | 2023-09-26 15:29:43 +02:00 |
| ruff_cache | Introduce FormatterSettings (#7545) | 2023-09-21 08:01:24 +02:00 |
| ruff_cli | Rename Autofix to Fix (#7657) | 2023-09-28 10:53:05 +00:00 |
| ruff_dev | Rename Autofix to Fix (#7657) | 2023-09-28 10:53:05 +00:00 |
| ruff_diagnostics | Rename Autofix to Fix (#7657) | 2023-09-28 10:53:05 +00:00 |
| ruff_formatter | Add most formatter options to ruff.toml / pyproject.toml (#7566) | 2023-09-22 15:47:57 +00:00 |
| ruff_index | | |
| ruff_linter | feat(rules): implement flake8-bandit S505 (#7703) | 2023-09-28 21:27:37 -04:00 |
| ruff_macros | Rename Autofix to Fix (#7657) | 2023-09-28 10:53:05 +00:00 |
| ruff_notebook | Rename Autofix to Fix (#7657) | 2023-09-28 10:53:05 +00:00 |
| ruff_python_ast | Include radix base prefix in large number representation (#7700) | 2023-09-28 20:38:06 +00:00 |
| ruff_python_codegen | Remove Int wrapper type from parser (#7577) | 2023-09-21 17:01:44 +00:00 |
| ruff_python_formatter | Always prefer double quotes for docstrings and triple-quoted strings (#7680) | 2023-09-28 15:11:33 -04:00 |
| ruff_python_index | Formatter and parser refactoring (#7569) | 2023-09-26 15:29:43 +02:00 |
| ruff_python_literal | Implement our own small-integer optimization (#7584) | 2023-09-25 15:13:21 +00:00 |
| ruff_python_parser | Include radix base prefix in large number representation (#7700) | 2023-09-28 20:38:06 +00:00 |
| ruff_python_resolver | Replace .map_or(false, $closure) with .is_some_and(closure) (#6244) | 2023-08-01 19:29:42 +02:00 |
| ruff_python_semantic | Implement our own small-integer optimization (#7584) | 2023-09-25 15:13:21 +00:00 |
| ruff_python_stdlib | Use u8 to represent version segments (#7578) | 2023-09-21 14:24:51 -04:00 |
| ruff_python_trivia | Extend pragma comment cases (#7687) | 2023-09-28 18:55:19 +00:00 |
| ruff_shrinking | Bump shlex from 1.1.0 to 1.2.0 (#7381) | 2023-09-14 09:40:05 -05:00 |
| ruff_source_file | Skip BOM when inserting start-of-file imports (#7622) | 2023-09-23 19:36:50 +00:00 |
| ruff_text_size | Unify line size settings between ruff and the formatter (#6873) | 2023-08-28 06:44:56 +00:00 |
| ruff_wasm | Add lint section to Ruff configuration | 2023-09-27 08:46:27 +02:00 |
| ruff_workspace | Add explicit-preview-rules to toggle explicit selection of preview rules (#7390) | 2023-09-28 15:00:33 -05:00 |