Badkeys

Latest version: v0.0.12

Safety actively analyzes 682244 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

0.0.12

This release contains no major changes, but a few minor new
features and bugfixes:
* Add -q/--quiet option for --update-* commands
* Fix bug when passing multiple extra blocklists
* Make output of ERROR:/WARNING: more consistent / always uppercase
* Detect "square" keys
* Handle DNS errors in DKIM check better
* Handle malformed CSRs

0.0.11

This release only contains one important bugfix.
The key type (k=) variable in DKIM is optional. If it is not set, the key type is "rsa". badkeys wrongly assumed such records were invalid, and did not scan the key. This is now fixed.

0.0.10

Add flag -w/--warnings that will enable checks of key size and exponent values for RSA.

0.0.9

* Supports scanning DKIM keys both in files (e.g. zone files,
output of tools like dig/host) or directly from DNS
(requires dnspython).

* Silence deprecation warnings for SSH DSA keys, we may need
to implement our own parser in the future.

* Add __version__ module variable and --version command line.

0.0.8

Major speedup release:
* The rsainvalid module contained a check whether the N in an RSA key was prime, which would indicate a defect key. Via profiling with cProfile/snakeviz, I discovered that this check is very computationally expensive. Removing this feature, which is not very valuable, makes badkeys 10x faster.

Minor changes:
* Continue TLS scans when remote server drops packages.
* Produce proper error message in SSH scan mode when paramiko is not available.
* Make blocklist tests optional (for distro build systems).

0.0.7

* This version introduces a new module to detect keys used in the xz backdoor. The backdoor expects a certain type of RSA public key, badkeys can detect these now. This detection can theoretically lead to false positives, however, the false positive rate is low enough (~1:2^62) that it will likely never show up in practice.
* Move from setup.py/setup.cfg to pyproject.toml.
* Avoid installing the "tests" dir in the wheel.
* Avoid open_binary() deprecation warning and use new files() API. This raises the required Python version to 3.9.

Links

Releases

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.