```elixir
# The hash functions with md5, sha1, ripemd (128-bit), and sha should be highlighted,
# as they are cryptographically weak and can be easily broken.
defmodule InsecureHashExample do
  # Insecure hash function using MD5
  defp insecure_hash_one(data) do
    # check this
    :cr.hash(data, :md5)
    |> Base.encode16(case: :lower)
  end

  # Insecure hash function using sha1
  defp insecure_hash_one(data) do
    # validate spacing
    :crypto.hash(data, :sha1) |> Base.encode16(case: :lower)
  end
end

# Spacing does not matter
:crypto.hash(:md5, data)

hex = Base.encode16(:crypto.hash(:ripemd160, data))
```
Compliant Code Examples
```elixir
# The hash functions other than md5, sha1, ripemd (128-bit), and sha are not highlighted
# as they are cryptographically strong and cannot be broken via standard hardware.
defmodule PasswordCompare do
  def option_one(password, md5_hash) do
    case :crypto.hash(:sha2, password) == md5_hash do
      true -> :entry_granted_op1
      false -> :entry_denied_op1
    end
  end
end

a = :crypto.hash(:sha3, something)
```
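A runnable variant of the compliant pattern, added here as an example (not Datadog's code and not part of the rule): it uses concrete `:crypto` atoms such as `:sha256` and `:sha3_256`, rejects any algorithm outside an allowlist, and goes one step beyond the page by comparing digests in constant time. The module and function names are hypothetical, the sample strings are constructed, and `:crypto.hash_equals/2` assumes OTP 25 or later.

```elixir
defmodule StrongHashExample do
  # Added illustration; module and function names are hypothetical.
  # SHA-2 / SHA-3 atoms accepted by Erlang's :crypto.hash/2.
  @allowed [:sha256, :sha384, :sha512, :sha3_256, :sha3_512]

  # Lowercase hex digest. Anything outside the allowlist is refused, so a
  # weak atom such as :md5 or :sha fails loudly instead of being used.
  def hex_digest(data, alg \\ :sha256)

  def hex_digest(data, alg) when alg in @allowed do
    :crypto.hash(alg, data) |> Base.encode16(case: :lower)
  end

  def hex_digest(_data, alg) do
    raise ArgumentError, "hash algorithm #{inspect(alg)} is not allowed"
  end

  # Compare data against a stored hex digest without revealing, through
  # timing, how many leading bytes matched.
  def matches?(data, expected_hex, alg \\ :sha256) when alg in @allowed do
    actual = :crypto.hash(alg, data)

    case Base.decode16(expected_hex, case: :mixed) do
      # hash_equals/2 needs equal-length binaries, so check the size first.
      {:ok, expected} when byte_size(expected) == byte_size(actual) ->
        # Assumption: OTP 25 or later, where :crypto.hash_equals/2 exists.
        :crypto.hash_equals(actual, expected)

      # Malformed hex or a digest of the wrong length never matches.
      _ ->
        false
    end
  end
end

# Constructed sample input; each match below fails if the result differs.
stored = StrongHashExample.hex_digest("report.pdf contents")
true = StrongHashExample.matches?("report.pdf contents", stored)
false = StrongHashExample.matches?("tampered contents", stored)
false = StrongHashExample.matches?("report.pdf contents", "not-hex")
```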
How to use this rule
```yaml
rulesets:
  - elixir-security # Rules to enforce Elixir security.
```

1. Create a static-analysis.datadog.yml with the content above at the root of your repository
2. Use our free IDE Plugins or add Code Security scans to your CI pipelines