examples/vulnerable_sample.py
| 1 | """Example of code that pqc-lint should flag. |
| 2 | |
| 3 | Run: |
| 4 | pqc-lint scan examples/vulnerable_sample.py |
| 5 | """ |
| 6 | |
| 7 | from cryptography.hazmat.primitives.asymmetric import rsa, ec, ed25519 |
| 8 | from cryptography.hazmat.primitives import hashes |
| 9 | from cryptography.hazmat.primitives.asymmetric import padding |
| 10 | import hashlib |
| 11 | |
| 12 | |
| 13 | # PQC001 - RSA key generation (broken by Shor's) |
| 14 | rsa_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) |
| 15 | |
| 16 | # PQC001 - RSA signing with PSS padding |
| 17 | signature = rsa_key.sign( |
| 18 | b"data", |
| 19 | padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32), |
| 20 | hashes.SHA256(), |
| 21 | ) |
| 22 | |
| 23 | # PQC002 - ECDSA key generation |
| 24 | ec_key = ec.generate_private_key(ec.SECP256R1()) |
| 25 | |
| 26 | # PQC003 - Ed25519 (classical, not quantum-safe) |
| 27 | ed_key = ed25519.Ed25519PrivateKey.generate() |
| 28 | |
| 29 | # PQC301 - MD5 (broken) |
| 30 | md5_digest = hashlib.md5(b"legacy").hexdigest() |
| 31 | |