From 603b461d23e11a98b7487b1665a5801ccb7a692a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 May 2024 22:47:27 +0000
Subject: [PATCH 1/2] --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-and-lint-dependencies ...
Signed-off-by: dependabot[bot]
---
 requirements-lint.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-lint.txt b/requirements-lint.txt
index e4e2ada1..ef4151dc 100644
--- a/requirements-lint.txt
+++ b/requirements-lint.txt
@@ -1,5 +1,5 @@
 mypy==1.10.0
 black==24.4.2
 isort==5.13.2
-pylint==3.1.1
+pylint==3.2.2
 bandit==1.7.8
From f61cf1a9d973d059445a604832629a3d3f354de2 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Tue, 21 May 2024 10:10:57 +0300
Subject: [PATCH 2/2] GCPSigner: Add exception for unsupported keys
This seems correct-er and makes pylint happier.
Signed-off-by: Jussi Kukkonen
---
 securesystemslib/signer/_gcp_signer.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/securesystemslib/signer/_gcp_signer.py b/securesystemslib/signer/_gcp_signer.py
index 8dd6baaa..4beaf829 100644
--- a/securesystemslib/signer/_gcp_signer.py
+++ b/securesystemslib/signer/_gcp_signer.py
@@ -165,7 +165,7 @@ def _get_hash_algorithm(public_key: Key) -> str:
 if public_key.keytype == "rsa":
 # hash algorithm is encoded as last scheme portion
 algo = public_key.scheme.split("-")[-1]
- if public_key.keytype in [
+ elif public_key.keytype in [
 "ecdsa",
 "ecdsa-sha2-nistp256",
 "ecdsa-sha2-nistp384",
@@ -173,6 +173,10 @@ def _get_hash_algorithm(public_key: Key) -> str:
 # nistp256 uses sha-256, nistp384 uses sha-384
 bits = public_key.scheme.split("-nistp")[-1]
 algo = f"sha{bits}"
+ else:
+ raise exceptions.UnsupportedAlgorithmError(
+ f"Unsupported key type {public_key.keytype} in key {public_key.keyid}"
+ )
 # trigger UnsupportedAlgorithm if appropriate
 _ = sslib_hash.digest(algo)
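Review bot: The new `else` rejects unknown key types, but the hash name is still taken straight from the scheme suffix (`algo = f"sha{bits}"` here, `public_key.scheme.split("-")[-1]` in the rsa branch of the previous hunk) and is only checked by whether `sslib_hash.digest(algo)` accepts it. If that helper also accepts hashes this signer should not use (its accepted set is not visible in this patch), a key with a supported keytype and an unexpected scheme would still pass this function. Consider an explicit allowlist before the digest call, e.g. `if algo not in ("sha256", "sha384", "sha512"): raise exceptions.UnsupportedAlgorithmError(f"Unsupported scheme {public_key.scheme}")`, with the tuple set to whatever the KMS signing call actually supports. `_get_hash_algorithm` begins above the hunk, so its docstring is not visible; it should gain a Raises entry for `UnsupportedAlgorithmError` if it lacks one.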