Open trim21 opened 1 month ago
Thanks for reporting this. Do you have a link to where it states that the vulnerability is fixed?
It didn't state that, but it doesn't reproduce CVE-2013-7459.
Hmm. I don't think there's much we can do when both packages use the same name other than documenting that this rule doesn't apply to PyCryptodome
read pyproject.toml and parse deps list maybe?
I understand ruff can't know for sure which package this is; adding docs is OK for me.
Happy to document it but it would be helpful to have a clear source to cite. How did you learn that it doesn't reproduce that CVE, for example?
source repo: https://github.com/Legrandin/pycryptodome
https://github.com/pycrypto/pycrypto/issues/176 gives an example code, and it can be executed with PyCryptodome without a Python crash.
ruff 0.5.7 with preview enabled.
PyCryptodome is a fork of PyCrypto and has the same import name `Crypto`. It triggers S413: `pycrypto` library is known to have publicly disclosed buffer overflow vulnerability