Skip to content

Ed25519 and Ed448 generate() rules were matching too broadly#429

Open
Arijit429 wants to merge 1 commit into
cbomkit:mainfrom
Arijit429:fix/python-false-positive-ed25519-ed448
Open

Ed25519 and Ed448 generate() rules were matching too broadly#429
Arijit429 wants to merge 1 commit into
cbomkit:mainfrom
Arijit429:fix/python-false-positive-ed25519-ed448

Conversation

@Arijit429
Copy link
Copy Markdown

@Arijit429 Arijit429 commented May 23, 2026

Fixes #300

The generate() rules for Ed25519 and Ed448 were using withAnyParameters(),
which caused the scanner to match any .generate() call regardless of parameters.

The actual Ed25519PrivateKey.generate() and Ed448PrivateKey.generate() from
pyca/cryptography take no parameters. So withoutParameters() is the correct matcher.

Reproducer from the issue — this was getting flagged as Edwards448 Key Pair Generation:

generated_ids = self.vlm_model.generate(
    **inputs,
    max_new_tokens=self.max_new_tokens,
)

Changed withAnyParameters() to withoutParameters() in both SIGN_ED25519
and SIGN_ED448 rules in PycaSign.java.

@Arijit429 Arijit429 requested a review from a team as a code owner May 23, 2026 04:08
@Arijit429
fix: use withoutParameters() for Ed25519 and Ed448 generate rules to …
d27f2f5 
…prevent false positives

Signed-off-by: Arijit429 <arijitdeb1203@gmail.com>
@Arijit429 Arijit429 force-pushed the fix/python-false-positive-ed25519-ed448 branch from eeff0b7 to d27f2f5 Compare May 23, 2026 04:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Python Scanner generates False Positives

1 participant

@Arijit429