Metadata

ID: python-security/insecure-hash-functions

Language: Python

Severity: Warning

Category: Security

CWE: 327

Description

Do not use a broken or risky cryptographic algorithm; doing so exposes your application to attacks.

It checks the following modules

Learn More

  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • CWE-328 - Use of Weak Hash

Non-Compliant Code Examples

from hashlib import md5
from typing import NamedTuple, Optional

from aiopg import Connection


class User(NamedTuple):
    id: int
    first_name: str
    middle_name: Optional[str]
    last_name: str
    username: str
    pwd_hash: str
    is_admin: bool

    @classmethod
    def from_raw(cls, raw: tuple):
        return cls(*raw) if raw else None

    @staticmethod
    async def get(conn: Connection, id_: int):
        async with conn.cursor() as cur:
            await cur.execute(
                'SELECT id, first_name, middle_name, last_name, '
                'username, pwd_hash, is_admin FROM users WHERE id = %s',
                (id_,),
            )
            return User.from_raw(await cur.fetchone())

    @staticmethod
    async def get_by_username(conn: Connection, username: str):
        async with conn.cursor() as cur:
            await cur.execute(
                'SELECT id, first_name, middle_name, last_name, '
                'username, pwd_hash, is_admin FROM users WHERE username = %s',
                (username,),
            )
            return User.from_raw(await cur.fetchone())

    def check_password(self, password: str):
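        return self.pwd_hash == md5(password.encode('utf-8')).hexdigest()

from cryptography.hazmat.primitives import hashes

# MD5 selected through the cryptography library
digest = hashes.Hash(hashes.MD5())

import hashlib

# Weak algorithms selected by name
hashlib.new('md5')
hashlib.new('md4')

# Weak algorithm called directly; hashlib requires bytes input
hashlib.md5(b"bla")

md = hashlib.md5()
md.update(b"foo")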

Compliant Code Examples

import hashlib

hashlib.new('sha256')
hashlib.new('sha3_256')

from cryptography.hazmat.primitives import hashes

digest = hashes.Hash(hashes.SHA256())
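
The idea behind this rule, as an added example that is not Datadog's implementation: a small `ast`-based checker that flags the call patterns shown in the non-compliant examples and ignores the compliant ones. The function name `find_weak_hashes`, the `WEAK` set (limited to the MD4 and MD5 cases on this page) and the sample source are assumptions made for illustration.

```python
import ast

WEAK = {"md4", "md5"}  # assumption: only the algorithms this page flags

def find_weak_hashes(source):
    """Return sorted (line, algorithm) pairs for weak-hash calls in `source`."""
    tree = ast.parse(source)
    modules, direct = {}, {}  # local alias -> module kind / hashlib function
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "hashlib":
                    modules[a.asname or a.name] = "hashlib"
        elif isinstance(node, ast.ImportFrom):
            for a in node.names:
                if node.module == "hashlib":
                    direct[a.asname or a.name] = a.name
                elif node.module == "cryptography.hazmat.primitives" and a.name == "hashes":
                    modules[a.asname or a.name] = "hashes"
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            owner, name = modules.get(f.value.id), f.attr  # hashlib.md5(), hashes.MD5()
        elif isinstance(f, ast.Name) and f.id in direct:
            owner, name = "hashlib", direct[f.id]          # from hashlib import md5
        else:
            continue
        if owner == "hashlib" and name == "new":
            # hashlib.new() takes the algorithm as its first argument or as name=
            arg = node.args[0] if node.args else next(
                (k.value for k in node.keywords if k.arg == "name"), None)
            name = arg.value if isinstance(arg, ast.Constant) and isinstance(arg.value, str) else ""
        if owner and name.lower() in WEAK:
            findings.append((node.lineno, name.lower()))
    return sorted(findings)

# Constructed sample built from the patterns in this page's examples.
SAMPLE = '''\
from hashlib import md5
import hashlib
from cryptography.hazmat.primitives import hashes

def check(pwd_hash, password):
    return pwd_hash == md5(password.encode("utf-8")).hexdigest()

hashlib.new("md4")
hashlib.new("sha256")
hashes.Hash(hashes.MD5())
hashes.Hash(hashes.SHA256())
'''
```

Algorithm names passed to `hashlib.new()` through a variable are not resolved by this sketch, so those calls need manual review.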