SSH vulnerability detected in file cryptography/hazmat/primitives/serialization/ssh.py

Problem description

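I have written a Python application that uses cryptography as one of its dependencies. This application is used by another team. Since they intend to run this application on their AWS server, they have to package the application and its dependencies into a folder and upload that folder to Bitbucket. AWS will access it from Bitbucket. When they upload the package to Bitbucket, below is the error they see. Cryptography versions 3.2.1 and 4.0.0 were each installed on separate occasions, but this error is still received.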

{pre-receive hook declined
Push rejected due to security vulnerabilities detected by security hook.

 


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@                                                          @
@      PUSH REJECTED DUE TO SECURITY VULNERABILITIES       @
@                                                          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 


SSH vulnerability detected in file cryptography/hazmat/primitives/serialization/ssh.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 52.
EC vulnerability detected in file ecdsa/keys.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 791.
EC vulnerability detected in file ecdsa/test_keys.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 114.
EC vulnerability detected in file ecdsa/test_keys.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 163.
EC vulnerability detected in file ecdsa/test_keys.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 259.
EC vulnerability detected in file ecdsa/test_pyecdsa.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 217.
EC vulnerability detected in file ecdsa/test_pyecdsa.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 230.
EC vulnerability detected in file ecdsa/test_pyecdsa.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 244.
RSA vulnerability detected in file rsa/key.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 582.
RSA vulnerability detected in file rsa/pem.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 86.
RSA vulnerability detected in file rsa/pem.py (9f88efdfc657723baf412b1e664fa7aa1153f863) on line 113.

 

WARNING Security Validation Hook: large push detected, only scanned HEAD.
WARNING Schedule a historical scan to scan full commit history.}

Below are the dependencies in my application:

import base64
import os
import json
from datetime import datetime, timedelta
from urllib.parse import urlparse,quote_plus

import jwt  # PyJWT
import urllib
import requests
from cryptography.hazmat.backends import default_backend
from cryptography.x509 import load_pem_x509_certificate
from jose import jwt as josejwt
from jwt import ExpiredSignatureError

If more information is needed, please let me know. Some insight on this would be much appreciated.

PS: The other team has "protected code" enabled on their Bitbucket repository, and it cannot be unchecked.

Tags: python, amazon-web-services, security, bitbucket, python-cryptography

Solution

