Do not use insecure functions

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: python-security/insecure-hash-functions

Language: Python

Severity: Warning

Category: Security

CWE: 327

Description

Do not use a broken or risky cryptographic algorithm. This exposes you to unwanted attacks.

It checks the following modules

Learn More

  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • CWE-328 - Use of Weak Hash

Non-Compliant Code Examples

from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())
from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())
import hashlib

hashlib.new('md5')
hashlib.new('md4')


hashlib.md5("bla");
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: may/unit-testing