Verified by r2c
Detected MD2 hash algorithm which is considered insecure. This algorithm has many known vulnerabilities and has been deprecated. Use SHA256 or SHA3 instead.
```yaml
rules:
  - id: insecure-hash-algorithm-md2
    message: Detected MD2 hash algorithm which is considered insecure. This algorithm has many known vulnerabilities and has been deprecated. Use SHA256 or SHA3 instead.
    metadata:
      source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      owasp: "A3: Sensitive Data Exposure"
      references:
        - https://tools.ietf.org/html/rfc6149
        - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
        - https://pycryptodome.readthedocs.io/en/latest/src/hash/sha3_256.html
      category: security
      technology:
        - pycryptodome
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    severity: WARNING
    languages:
      - python
    pattern-either:
      - pattern: Crypto.Hash.MD2.new(...)
      - pattern: Cryptodome.Hash.MD2.new (...)
```
```python
# cf. https://github.com/PyCQA/bandit/blob/b78c938c0bd03d201932570f5e054261e10c5750/examples/crypto-md5.py
from cryptography.hazmat.primitives import hashes
from Crypto.Hash import MD2 as pycrypto_md2
from Crypto.Hash import MD4 as pycrypto_md4
from Crypto.Hash import MD5 as pycrypto_md5
from Crypto.Hash import SHA as pycrypto_sha
from Cryptodome.Hash import MD2 as pycryptodomex_md2
from Cryptodome.Hash import MD4 as pycryptodomex_md4
from Cryptodome.Hash import MD5 as pycryptodomex_md5
from Cryptodome.Hash import SHA as pycryptodomex_sha
from Crypto.Hash import SHA3_256

# ok:insecure-hash-algorithm-md2
# ok:insecure-hash-algorithm-md5
# ok:insecure-hash-algorithm-sha1
# ok:insecure-hash-algorithm-md4
h_obj = SHA3_256.new()
h_obj.update(b'Some data')
print(h_obj.hexdigest())

# ruleid:insecure-hash-algorithm-md2
pycrypto_md2.new()
# ruleid:insecure-hash-algorithm-md4
pycrypto_md4.new()
# ruleid:insecure-hash-algorithm-md5
pycrypto_md5.new()
# ruleid:insecure-hash-algorithm-sha1
pycrypto_sha.new()

# ruleid:insecure-hash-algorithm-md2
pycryptodomex_md2.new()
# ruleid:insecure-hash-algorithm-md4
pycryptodomex_md4.new()
# ruleid:insecure-hash-algorithm-md5
pycryptodomex_md5.new()
# ruleid:insecure-hash-algorithm-sha1
pycryptodomex_sha.new()
```
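The rule's two patterns name the fully qualified constructors, yet the test file expects the aliased `pycrypto_md2.new()` to be flagged: Semgrep resolves `import ... as` aliases before matching. The following ast-based scanner, added here as an illustration and not part of the rule or of Semgrep, performs the same alias resolution over a constructed sample so the matching behaviour can be seen without running Semgrep.

```python
import ast

# Fully qualified call targets from the rule's pattern-either clauses.
FLAGGED = {"Crypto.Hash.MD2.new", "Cryptodome.Hash.MD2.new"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for other callees."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def find_md2_calls(source):
    """Return sorted (lineno, resolved_callee) pairs for MD2 constructor calls.

    `from X import Y as Z` and `import X.Y as Z` are resolved so that an
    aliased call such as pycrypto_md2.new() reports as Crypto.Hash.MD2.new.
    """
    tree = ast.parse(source)
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
        elif isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:  # unaliased imports already use the full name
                    aliases[a.asname] = a.name
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name is None:
                continue
            head, _, rest = name.partition(".")
            resolved = aliases.get(head, head) + ("." + rest if rest else "")
            if resolved in FLAGGED:
                hits.append((node.lineno, resolved))
    return sorted(hits)


# Constructed sample: three MD2 constructions (two of them aliased), one SHA3.
SAMPLE = """\
from Crypto.Hash import MD2 as pycrypto_md2
from Cryptodome.Hash import MD2
from Crypto.Hash import SHA3_256
import Cryptodome.Hash.MD2 as legacy
pycrypto_md2.new()
MD2.new()
SHA3_256.new()
legacy.new()
"""
```

Running `find_md2_calls(SAMPLE)` reports lines 5, 6 and 8 and leaves the SHA3_256 call alone, which mirrors the `ok:` and `ruleid:` annotations in the rule's test file.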
Short Link: https://sg.run/8nqy