[Security] Fix CodeQL alert #20: Use of a broken or weak cryptographic algorithm #94
colin-d-fried wants to merge 1 commit into
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| from Crypto.Cipher import AES | ||
| cipher = AES.new(key, AES.MODE_GCM) | ||
| ciphertext, tag = cipher.encrypt_and_digest(plaintext) | ||
| return cipher.nonce + tag + ciphertext |
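Review bot: AES.new(key, AES.MODE_GCM) passes the caller's key through unchanged, but AES accepts only 16, 24 or 32-byte keys, whereas ARC2 accepted variable-length keys, so a caller still supplying an old ARC2-sized key will hit a ValueError at this line. Check len(key) at the top of the function and raise a clear error, or state the new key requirement in the docstring.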
ARC2 import now unused after removing its only usage
Low Severity
The ARC2 import on line 3 (from Crypto.Cipher import DES, ARC2, Blowfish) is now unused because encrypt_with_arc2 was the only consumer and this change replaced its internals with AES. The stale import of a weak cryptographic module partially undermines the intent of removing weak crypto usage from this function.
| from Crypto.Cipher import AES | ||
| cipher = AES.new(key, AES.MODE_GCM) | ||
| ciphertext, tag = cipher.encrypt_and_digest(plaintext) | ||
| return cipher.nonce + tag + ciphertext |
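Review bot: return cipher.nonce + tag + ciphertext joins three fields with no recorded lengths, and the nonce length is whatever AES.new picks by default because no nonce= argument is passed. Generate the nonce explicitly (for example 12 bytes from get_random_bytes), and document the field order and sizes so a matching decrypt function can split the blob and call decrypt_and_verify.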
Function name falsely implies ARC2 but uses AES-GCM
Medium Severity
The function encrypt_with_arc2 now internally uses AES-GCM instead of ARC2, but the name was not updated. This is misleading — a developer writing a corresponding decryption function based on the name would assume ARC2/ECB and produce completely incompatible code. The return format also silently changed from raw ciphertext to nonce + tag + ciphertext, compounding the risk of misuse.


Summary
Fixes CodeQL alert #20: Use of a broken or weak cryptographic algorithm
vulnerable_weak_crypto.py
Fix Applied
See the diff for the specific secure coding change applied.
Fixes #22
Note
Medium Risk
Updates encryption output format and algorithm in encrypt_with_arc2, which can break callers expecting raw ARC2 ciphertext and requires correct key sizing/nonce handling. Change is localized but affects cryptography behavior and interoperability.
Overview
Replaces the weak ARC2 + MODE_ECB encryption in encrypt_with_arc2 with authenticated encryption using AES in MODE_GCM.
The function now returns nonce + tag + ciphertext from encrypt_and_digest, changing both the algorithm and the ciphertext format compared to the previous raw block-cipher output.
Written by Cursor Bugbot for commit 7967313. This will update automatically on new commits.
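
The two review findings in this thread (a stale import of a weak cipher module, and a function whose name no longer matches the cipher it uses) can be checked mechanically. The following is an added example, not code from this pull request or from Bugbot; the WEAK list, the audit_cipher_usage name and the two filler functions in the sample are assumptions.

```python
import ast

# Assumed policy list of weak Crypto.Cipher modules (not taken from the PR).
WEAK = {"ARC2", "ARC4", "DES", "DES3", "Blowfish"}

# Constructed sample: the import line and the AES-GCM body are quoted from the
# review thread; the other two functions are invented filler.
SAMPLE = '''
from Crypto.Cipher import DES, ARC2, Blowfish

def encrypt_with_des(key, plaintext):
    return DES.new(key, DES.MODE_ECB).encrypt(plaintext)

def encrypt_with_arc2(key, plaintext):
    from Crypto.Cipher import AES
    cipher = AES.new(key, AES.MODE_GCM)
    ciphertext, tag = cipher.encrypt_and_digest(plaintext)
    return cipher.nonce + tag + ciphertext

def encrypt_with_blowfish(key, plaintext):
    return Blowfish.new(key, Blowfish.MODE_ECB).encrypt(plaintext)
'''

def audit_cipher_usage(source):
    """Return (unused weak imports, [(function, ciphers in name, ciphers used)])."""
    tree = ast.parse(source)  # parses only; PyCryptodome need not be installed
    imported = {}  # local name -> Crypto.Cipher module, including in-function imports
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "Crypto.Cipher":
            for alias in node.names:
                imported[alias.asname or alias.name] = alias.name
    used = {n.id for n in ast.walk(tree) if isinstance(n, ast.Name)}
    unused_weak = sorted(n for n, mod in imported.items()
                         if mod in WEAK and n not in used)
    known = WEAK | set(imported.values())
    misnamed = []
    for fn in ast.walk(tree):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        tokens = set(fn.name.lower().split("_"))
        named = {c for c in known if c.lower() in tokens}
        referenced = {imported[n.id] for n in ast.walk(fn)
                      if isinstance(n, ast.Name) and n.id in imported}
        if named and referenced and not named & referenced:
            misnamed.append((fn.name, sorted(named), sorted(referenced)))
    return unused_weak, misnamed

if __name__ == "__main__":
    print(audit_cipher_usage(SAMPLE))
```

The name check splits on underscores, so it only catches functions that follow the encrypt_with_<cipher> naming pattern seen in this file.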