Do not use insecure functions
ID: python-security/insecure-hash-functions
Language: Python
Severity: Warning
Category: Security
CWE: 327
Description
Do not use a broken or risky cryptographic algorithm (for example, the MD4 and MD5 digests flagged in the examples below). Relying on such an algorithm exposes the application to the very attacks it was meant to prevent.
It checks the following modules
Learn More
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
- CWE-328 - Use of Weak Hash
Non-Compliant Code Examples
from hashlib import md5
from typing import NamedTuple, Optional
from aiopg import Connection

class User(NamedTuple):
    id: int
    first_name: str
    middle_name: Optional[str]
    last_name: str
    username: str
    pwd_hash: str
    is_admin: bool

    @classmethod
    def from_raw(cls, raw: tuple):
        return cls(*raw) if raw else None

    @staticmethod
    async def get(conn: Connection, id_: int):
        async with conn.cursor() as cur:
            await cur.execute(
                'SELECT id, first_name, middle_name, last_name, '
                'username, pwd_hash, is_admin FROM users WHERE id = %s',
                (id_,),
            )
            return User.from_raw(await cur.fetchone())

    @staticmethod
    async def get_by_username(conn: Connection, username: str):
        async with conn.cursor() as cur:
            await cur.execute(
                'SELECT id, first_name, middle_name, last_name, '
                'username, pwd_hash, is_admin FROM users WHERE username = %s',
                (username,),
            )
            return User.from_raw(await cur.fetchone())

    def check_password(self, password: str):
        # Non-compliant: unsalted MD5 is used as a password hash.
        return self.pwd_hash == md5(password.encode('utf-8')).hexdigest()

from cryptography.hazmat.primitives import hashes
# Non-compliant: MD5 selected as the digest algorithm.
digest = hashes.Hash(hashes.MD5())

import hashlib
# Non-compliant: MD5 and MD4 constructed by name.
hashlib.new('md5')
hashlib.new('md4')
# Non-compliant: hashlib digests take bytes, not str.
hashlib.md5(b"bla")
md = hashlib.md5()
md.update(b"foo")
Compliant Code Examples
import hashlib
# Compliant: SHA-2 and SHA-3 family digests.
hashlib.new('sha256')
hashlib.new('sha3_256')

from cryptography.hazmat.primitives import hashes
# Compliant: SHA-256 selected as the digest algorithm.
digest = hashes.Hash(hashes.SHA256())
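The compliant examples above only swap the digest algorithm. For the `check_password` case in the non-compliant example, a stronger digest alone is not enough: password storage needs a salted, slow key-derivation function and a constant-time comparison. The following is an added example written for this page, not code from the Datadog rule or its examples; it uses only the standard library, and the `pbkdf2_sha256$iterations$salt$digest` storage format, the iteration count and the `is_legacy_md5_hash` upgrade check are assumptions made here for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example; tune the iteration count for your deployment.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
HASH_SCHEME = "pbkdf2_sha256"


def hash_password(password: str, *, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash.

    Returns a self-describing string "pbkdf2_sha256$iterations$salt_hex$digest_hex"
    so the verifier knows which parameters were used when the hash was created.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{HASH_SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def check_password(pwd_hash: str, password: str) -> bool:
    """Verify a password against a stored hash in constant time.

    Any malformed or unknown-scheme hash is rejected instead of raising.
    """
    try:
        scheme, iterations_str, salt_hex, digest_hex = pwd_hash.split("$")
        if scheme != HASH_SCHEME:
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking where the digests first differ.
    return hmac.compare_digest(candidate, expected)


def is_legacy_md5_hash(pwd_hash: str) -> bool:
    """Detect the unsalted 32-hex-digit MD5 format from the non-compliant example.

    An application migrating off MD5 can use this to re-hash a user's password
    with hash_password() on the next successful login.
    """
    return len(pwd_hash) == 32 and all(c in "0123456789abcdef" for c in pwd_hash.lower())


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(check_password(stored, "correct horse battery staple"))  # True
    print(check_password(stored, "wrong password"))                # False
    print(is_legacy_md5_hash("d41d8cd98f00b204e9800998ecf8427e"))  # True
```

The stored string carries its own parameters, so the iteration count can be raised later without invalidating existing hashes: old entries keep verifying with their recorded count and are re-hashed when the user next authenticates.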