gitlab.bandit.B303-8

385

Download Count*

License

Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: bandit.B303-8
    pattern: cryptography.hazmat.primitives.hashes.SHA1(...)
    message: |
      Detected SHA1 hash algorithm which is considered insecure. SHA1 is not
      collision resistant and is therefore not suitable as a cryptographic
      signature. Use SHA256 or SHA3 instead.
    metadata:
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      owasp: "A3: Sensitive Data Exposure"
      primary_identifier: bandit.B303-8
      secondary_identifiers:
        - name: Bandit Test ID B303
          type: bandit_test_id
          value: B303
      license: MIT
    severity: WARNING
    languages:
      - python

Short Link: https://sg.run/L88r