Rename of the key size config variables (#659)

Small change to rename the key size configuration variables. Signed-off-by: Eric Brown <[email protected]>
securesauce · Oct 26, 2024 · cc3266f · cc3266f
1 parent fe947ee
commit cc3266f
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 33 deletions.
diff --git a/precli/rules/go/stdlib/crypto_weak_key.py b/precli/rules/go/stdlib/crypto_weak_key.py
@@ -124,10 +124,9 @@
 ```toml
 enabled = true
 level = "warning"
-warning_dsa_key_size = 2048
-error_dsa_key_size = 1024
-warning_rsa_key_size = 2048
-error_rsa_key_size = 1024
+dsa_key_size_error = 1024
+rsa_key_size_warning = 2048
+rsa_key_size_error = 1024
 ```
 
 # See also
@@ -164,8 +163,7 @@ def analyze_call_expression(
         self, context: dict, call: Call
     ) -> Optional[Result]:
         if call.name_qualified in ["crypto/dsa.GenerateParameters"]:
-            WARN_SIZE = self.config.parameters.get("warning_dsa_key_size")
-            ERR_SIZE = self.config.parameters.get("error_dsa_key_size")
+            SIZE_ERR = self.config.parameters.get("dsa_key_size_error")
 
             argument = call.get_argument(position=2)
             sizes = argument.value
@@ -174,7 +172,7 @@ def analyze_call_expression(
                 fixes = Rule.get_fixes(
                     context=context,
                     deleted_location=Location(node=argument.identifier_node),
-                    description=f"Use a minimum key size of {WARN_SIZE} for "
+                    description=f"Use a minimum key size of {SIZE_ERR} for "
                     "DSA keys.",
                     inserted_content="L2048N224",
                 )
@@ -183,29 +181,29 @@ def analyze_call_expression(
                     rule_id=self.id,
                     location=Location(node=argument.identifier_node),
                     level=Level.ERROR,
-                    message=self.message.format("DSA", WARN_SIZE),
+                    message=self.message.format("DSA", SIZE_ERR),
                     fixes=fixes,
                 )
         elif call.name_qualified in ["crypto/rsa.GenerateKey"]:
-            WARN_SIZE = self.config.parameters.get("warning_rsa_key_size")
-            ERR_SIZE = self.config.parameters.get("error_rsa_key_size")
+            SIZE_WARN = self.config.parameters.get("rsa_key_size_warning")
+            SIZE_ERR = self.config.parameters.get("rsa_key_size_error")
 
             argument = call.get_argument(position=1)
             bits = argument.value
 
-            if isinstance(bits, int) and bits < WARN_SIZE:
+            if isinstance(bits, int) and bits < SIZE_WARN:
                 fixes = Rule.get_fixes(
                     context=context,
                     deleted_location=Location(node=argument.node),
-                    description=f"Use a minimum key size of {WARN_SIZE} for "
+                    description=f"Use a minimum key size of {SIZE_WARN} for "
                     "RSA keys.",
-                    inserted_content=f"{WARN_SIZE}",
+                    inserted_content=f"{SIZE_WARN}",
                 )
 
                 return Result(
                     rule_id=self.id,
                     location=Location(node=argument.node),
-                    level=Level.ERROR if bits <= ERR_SIZE else Level.WARNING,
-                    message=self.message.format("RSA", WARN_SIZE),
+                    level=Level.ERROR if bits <= SIZE_ERR else Level.WARNING,
+                    message=self.message.format("RSA", SIZE_WARN),
                     fixes=fixes,
                 )
diff --git a/precli/rules/java/stdlib/java_security_weak_key.py b/precli/rules/java/stdlib/java_security_weak_key.py
@@ -82,8 +82,8 @@
 ```toml
 enabled = true
 level = "warning"
-warning_key_size = 2048
-error_key_size = 1024
+key_size_warning = 2048
+key_size_error = 1024
 ```
 
 # See also
@@ -128,8 +128,8 @@ def analyze_method_invocation(
         ]:
             return
 
-        WARN_SIZE = self.config.parameters.get("warning_key_size")
-        ERR_SIZE = self.config.parameters.get("error_key_size")
+        SIZE_WARN = self.config.parameters.get("key_size_warning")
+        SIZE_ERR = self.config.parameters.get("key_size_error")
 
         argument = call.get_argument(position=0)
         keysize = argument.value
@@ -145,19 +145,19 @@ def analyze_method_invocation(
         if algorithm is None or algorithm.upper() not in ("DSA", "RSA"):
             return
 
-        if isinstance(keysize, int) and keysize < WARN_SIZE:
+        if isinstance(keysize, int) and keysize < SIZE_WARN:
             fixes = Rule.get_fixes(
                 context=context,
                 deleted_location=Location(node=argument.node),
-                description=f"Use a minimum key size of {WARN_SIZE} for RSA "
+                description=f"Use a minimum key size of {SIZE_WARN} for RSA "
                 "keys.",
-                inserted_content=f"{WARN_SIZE}",
+                inserted_content=f"{SIZE_WARN}",
             )
 
             return Result(
                 rule_id=self.id,
                 location=Location(node=argument.node),
-                level=Level.ERROR if keysize <= ERR_SIZE else Level.WARNING,
-                message=self.message.format("RSA", WARN_SIZE),
+                level=Level.ERROR if keysize <= SIZE_ERR else Level.WARNING,
+                message=self.message.format("RSA", SIZE_WARN),
                 fixes=fixes,
             )
diff --git a/precli/rules/python/stdlib/ssl_context_weak_key.py b/precli/rules/python/stdlib/ssl_context_weak_key.py
@@ -54,8 +54,8 @@
 ```toml
 enabled = true
 level = "warning"
-warning_ec_key_size = 224
-error_ec_key_size = 160
+ec_key_size_warning = 224
+ec_key_size_error = 160
 ```
 
 # See also
@@ -97,8 +97,8 @@ def analyze_call(self, context: dict, call: Call) -> Optional[Result]:
         ]:
             return
 
-        WARN_SIZE = self.config.parameters.get("warning_ec_key_size")
-        ERR_SIZE = self.config.parameters.get("error_ec_key_size")
+        SIZE_WARN = self.config.parameters.get("ec_key_size_warning")
+        SIZE_ERR = self.config.parameters.get("ec_key_size_error")
 
         arg = call.get_argument(position=0, name="curve_name")
         curve_name = arg.value
@@ -110,21 +110,21 @@ def analyze_call(self, context: dict, call: Call) -> Optional[Result]:
             result = re.search(r"brainpoolP(\d{3})r[1|2|3]", curve_name)
         if not result:
             result = re.search(r"brainpoolP(\d{3})r1tls13", curve_name)
-        key_size = int(result.group(1)) if result else WARN_SIZE
+        key_size = int(result.group(1)) if result else SIZE_WARN
 
-        if key_size < WARN_SIZE:
+        if key_size < SIZE_WARN:
             fixes = Rule.get_fixes(
                 context=context,
                 deleted_location=Location(node=arg.node),
-                description=f"Use a curve with a minimum size of {WARN_SIZE} "
+                description=f"Use a curve with a minimum size of {SIZE_WARN} "
                 "bits.",
                 inserted_content='"secp256k1"',
             )
 
             return Result(
                 rule_id=self.id,
                 location=Location(node=arg.node),
-                level=Level.ERROR if key_size < ERR_SIZE else Level.WARNING,
-                message=self.message.format("EC", WARN_SIZE),
+                level=Level.ERROR if key_size < SIZE_ERR else Level.WARNING,
+                message=self.message.format("EC", SIZE_WARN),
                 fixes=fixes,
             )