S324 Test use of insecure md4, md5, or sha1 hash functions in hashlib.new()
This plugin checks for use of the insecure MD4, MD5, or SHA1 hash
functions in the hashlib.new function. The hashlib.new function provides
the ability to construct a new hashing object using the named algorithm.
This can be used to create insecure hash functions like MD4 and MD5 if
they are passed as algorithm names to this function.
This is similar to the B303 blacklist check, except that this checks for
insecure hash functions created using

    >> Issue: [B324:hashlib_new] Use of insecure MD4 or MD5 hash function.
       Severity: Medium   Confidence: High
       Location: examples/hashlib_new_insecure_funcs.py:3
    2
    3   md5_hash = hashlib.new('md5', string='test')
    4   print(md5_hash)
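
The check described above can be sketched with Python's `ast` module. This is an added example, not the plugin's own code: the function name `find_insecure_hashlib_new` and the sample source are constructed here, and skipping calls that pass `usedforsecurity=False` (a `hashlib.new` keyword in Python 3.9+) is an assumption about how non-security uses should be treated.

```python
import ast

# Algorithm names the page calls insecure (compared case-insensitively).
INSECURE = {"md4", "md5", "sha1"}

def _const(node):
    """Return the literal value of an ast.Constant node, else None."""
    return node.value if isinstance(node, ast.Constant) else None

def find_insecure_hashlib_new(source):
    """Return (lineno, algorithm) for each hashlib.new() call naming a weak hash."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match the attribute form hashlib.new(...) only (simplification:
        # aliases such as "from hashlib import new" are not resolved).
        if not (isinstance(func, ast.Attribute) and func.attr == "new"
                and isinstance(func.value, ast.Name) and func.value.id == "hashlib"):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        # The algorithm is the first positional argument or the name= keyword.
        name_node = node.args[0] if node.args else kwargs.get("name")
        name = _const(name_node) if name_node is not None else None
        # Non-literal names (variables, expressions) cannot be judged statically.
        if not isinstance(name, str) or name.lower() not in INSECURE:
            continue
        # Assumption: usedforsecurity=False marks a non-security use; skip it.
        if "usedforsecurity" in kwargs and _const(kwargs["usedforsecurity"]) is False:
            continue
        findings.append((node.lineno, name.lower()))
    return sorted(findings)

# Constructed sample input, modelled on the flagged line in the output above.
# It is only parsed, never executed.
SAMPLE = '''import hashlib
a = hashlib.new('md5', b'test')
b = hashlib.new(name='SHA1', data=b'test')
c = hashlib.new('sha256', b'test')
d = hashlib.new('md5', b'test', usedforsecurity=False)
e = hashlib.new(algo, b'test')
'''

if __name__ == "__main__":
    for lineno, algo in find_insecure_hashlib_new(SAMPLE):
        print(f"line {lineno}: hashlib.new() with insecure algorithm {algo!r}")
```

Line 6 of the sample shows the limit of a static check: an algorithm name held in a variable is not reported, so such call sites need manual review.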