gitlab.bandit.B324
Detected use of an insecure MD4 or MD5 hash function. These functions have known vulnerabilities and are considered deprecated. Consider using 'SHA256' or a similar function instead.
Definition
rules:
- id: bandit.B324
  patterns:
  - pattern-either:
    - pattern: hashlib.new("=~/[M|m][D|d][4|5]/", ...)
    - pattern: hashlib.new(..., name="=~/[M|m][D|d][4|5]/", ...)
    - pattern: hashlib.new('sha1')
    - pattern: hashlib.new(..., name='SHA1')
    - pattern: hashlib.new('sha', string='test')
    - pattern: hashlib.new(name='SHA', string='test')
  message: |
    Detected use of an insecure MD4 or MD5 hash function.
    These functions have known vulnerabilities and are considered deprecated.
    Consider using 'SHA256' or a similar function instead.
  metadata:
    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    owasp: "A3: Sensitive Data Exposure"
    primary_identifier: bandit.B324
    secondary_identifiers:
    - name: Bandit Test ID B324
      type: bandit_test_id
      value: B324
    license: MIT
  severity: WARNING
  languages:
  - python
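The following is an added sketch, not part of the rule itself, of the check the rule expresses, written with Python's ast module instead of Semgrep. It goes slightly beyond the listed patterns by matching algorithm names case-insensitively and ignoring the other arguments; find_weak_hashlib_new, WEAK and SAMPLE are hypothetical names, and the sample source is constructed.

```python
import ast

# Algorithm names covered by the rule's patterns (compared in lower case).
WEAK = {"md4", "md5", "sha", "sha1"}

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''\
import hashlib
a = hashlib.new("md5", b"data")
b = hashlib.new(name="MD4")
c = hashlib.new("sha1")
d = hashlib.new(data=b"x", name="SHA1")
e = hashlib.new("sha256", b"data")
f = hashlib.md5(b"data")
algo = "md5"
g = hashlib.new(algo)
'''


def find_weak_hashlib_new(source):
    """Return sorted (line, algorithm) pairs for hashlib.new() calls
    whose algorithm is a string literal naming a weak hash."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr == "new"
                and isinstance(func.value, ast.Name)
                and func.value.id == "hashlib"):
            continue  # line 7: hashlib.md5(...) is not a hashlib.new() call
        # The algorithm is the first positional argument or the name= keyword.
        if node.args:
            arg = node.args[0]
        else:
            arg = next((kw.value for kw in node.keywords
                        if kw.arg == "name"), None)
        # Only string literals are checked; this sketch does not resolve
        # variables, so line 9 (hashlib.new(algo)) is not reported.
        if (isinstance(arg, ast.Constant) and isinstance(arg.value, str)
                and arg.value.lower() in WEAK):
            findings.append((node.lineno, arg.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, algorithm in find_weak_hashlib_new(SAMPLE):
        print(f"line {line}: hashlib.new() with weak algorithm {algorithm!r}")
```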
Short Link: https://sg.run/Wg1E