From 0a2b85a8e26ccba0b56c93034f38592bb0fbbee8 Mon Sep 17 00:00:00 2001 From: gmuloc Date: Mon, 22 Jul 2024 11:14:35 +0200 Subject: [PATCH 1/2] Refactor(pyavd): Suppress warnings for cryptography >=43.0.0 --- .../pyavd/_utils/password_utils/password_utils.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/python-avd/pyavd/_utils/password_utils/password_utils.py b/python-avd/pyavd/_utils/password_utils/password_utils.py index 70c261f1057..9382fc56ca2 100644 --- a/python-avd/pyavd/_utils/password_utils/password_utils.py +++ b/python-avd/pyavd/_utils/password_utils/password_utils.py @@ -12,7 +12,13 @@ import base64 from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives.ciphers import Cipher, modes + +# Starting cyryptography 43.0.0, TripleDES cipher has been moved to cryptography.hazmat.decrepit module +try + from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES +except ImportError: + from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES SEED = b"\xd5\xa8\xc9\x1e\xf5\xd5\x8a\x23" @@ -186,7 +192,7 @@ def cbc_encrypt(key: bytes, data: bytes) -> bytes: ciphertext = ENC_SIG + bytes([padding * 16 + 0xE]) + data + bytes(padding) # Accepting SonarLint issue: The insecure algorithm is ok since this simply matches the algorithm of EOS. - cipher = Cipher(algorithms.TripleDES(hashed_key), modes.CBC(bytes(8)), default_backend()) # NOSONAR + cipher = Cipher(TripleDES(hashed_key), modes.CBC(bytes(8)), default_backend()) # NOSONAR encryptor = cipher.encryptor() result = encryptor.update(ciphertext) encryptor.finalize() @@ -213,7 +219,7 @@ def cbc_decrypt(key: bytes, data: bytes) -> bytes: hashed_key = hashkey(key) # Accepting SonarLint issue: Insecure algorithm is ok since this is simply matching the algorithm of EOS. - cipher = Cipher(algorithms.TripleDES(hashed_key), modes.CBC(bytes(8)), default_backend()) # NOSONAR + cipher = Cipher(TripleDES(hashed_key), modes.CBC(bytes(8)), default_backend()) # NOSONAR decryptor = cipher.decryptor() result = decryptor.update(data) decryptor.finalize() From f315659c21b9311a731b9005a2b06e77141e1c6a Mon Sep 17 00:00:00 2001 From: gmuloc Date: Mon, 22 Jul 2024 14:28:24 +0200 Subject: [PATCH 2/2] Refactor: Fix typo --- python-avd/pyavd/_utils/password_utils/password_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-avd/pyavd/_utils/password_utils/password_utils.py b/python-avd/pyavd/_utils/password_utils/password_utils.py index 9382fc56ca2..b6c6e074b97 100644 --- a/python-avd/pyavd/_utils/password_utils/password_utils.py +++ b/python-avd/pyavd/_utils/password_utils/password_utils.py @@ -15,7 +15,7 @@ from cryptography.hazmat.primitives.ciphers import Cipher, modes # Starting cyryptography 43.0.0, TripleDES cipher has been moved to cryptography.hazmat.decrepit module -try +try: from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES except ImportError: from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES