Do not use insecure functions

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: python-security/insecure-hash-functions

Language: Python

Severity: Warning

Category: Security

Description

Do not use a broken or risky cryptographic algorithm. This exposes you to unwanted attacks.

It checks the following modules

Learn More

  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • CWE-328 - Use of Weak Hash

Non-Compliant Code Examples

from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())

from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())

import hashlib

hashlib.new('md5')
hashlib.new('md4')


hashlib.md5("bla");
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis