Merge "Add other known weak MD hash modules"
commit
3b6acb7302
@ -87,8 +87,8 @@ blacklist_calls:
|
||||
qualnames: [marshal.load, marshal.loads]
|
||||
message: "Deserialization with the marshal module is possibly dangerous."
|
||||
- md5:
|
||||
qualnames: [hashlib.md5]
|
||||
message: "Use of insecure MD5 hash function."
|
||||
qualnames: [hashlib.md5, Crypto.Hash.MD2.new, Crypto.Hash.MD4.new, Crypto.Hash.MD5.new, cryptography.hazmat.primitives.hashes.MD5]
|
||||
message: "Use of insecure MD2, MD4, or MD5 hash function."
|
||||
- mktemp_q:
|
||||
qualnames: [tempfile.mktemp]
|
||||
message: "Use of insecure and deprecated function (mktemp)."
|
||||
|
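Review bot: The widened `qualnames` list on the `md5` entry still matches only direct constructor calls, so `hashlib.new('md5')` or `hashlib.new('md4')` would presumably go unreported, because the algorithm there is a string argument rather than a qualified name. The matching logic is not visible on this page, so this should be confirmed against how `blacklist_calls` resolves names. If the gap is real, cover it with a separate check on the first argument of `hashlib.new`, or at least document it next to the entry with `# NOTE: hashlib.new('md5') is not matched by this qualname list`. The entry key also stays `md5` although the message now covers MD2 and MD4; a comment saying so would spare readers a search. The `blacklist_calls` list continues outside this hunk.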
@ -1,3 +1,7 @@
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from Crypto.Hash import MD2 as pycrypto_md2
|
||||
from Crypto.Hash import MD4 as pycrypto_md4
|
||||
from Crypto.Hash import MD5 as pycrypto_md5
|
||||
import hashlib
|
||||
|
||||
hashlib.md5(1)
|
||||
@ -6,3 +10,9 @@ hashlib.md5(1).hexdigest()
|
||||
abc = str.replace(hashlib.md5("1"), "###")
|
||||
|
||||
print(hashlib.md5("1"))
|
||||
|
||||
pycrypto_md2.new()
|
||||
pycrypto_md4.new()
|
||||
pycrypto_md5.new()
|
||||
|
||||
hashes.MD5()
|
||||
|
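Review bot: The new example lines exercise only one import form per library, the aliased `from Crypto.Hash import MD5 as pycrypto_md5` and the module-level `hashes.MD5()`. A regression in name resolution for other forms would not be caught by this fixture. Consider adding an unaliased case such as `from cryptography.hazmat.primitives.hashes import MD5` followed by `MD5()`, and a fully qualified `Crypto.Hash.MD5.new()` after `import Crypto.Hash.MD5`. The expected count in the functional test would have to rise accordingly.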
@ -92,7 +92,7 @@ class FunctionalTests(unittest.TestCase):
|
||||
|
||||
def test_crypto_md5(self):
|
||||
'''Test the `hashlib.md5` example.'''
|
||||
expect = {'SEVERITY': {'MEDIUM': 4}, 'CONFIDENCE': {'HIGH': 4}}
|
||||
expect = {'SEVERITY': {'MEDIUM': 8}, 'CONFIDENCE': {'HIGH': 8}}
|
||||
self.check_example('crypto-md5.py', expect)
|
||||
|
||||
def test_eval(self):
|
||||
|
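Review bot: The docstring of `test_crypto_md5` still says it tests the `hashlib.md5` example, although the example now also covers PyCrypto MD2/MD4/MD5 and `hashes.MD5` from `cryptography`. I would change it to `'''Test the MD2/MD4/MD5 example (hashlib, PyCrypto, cryptography).'''`. The expectation is also only an aggregate total of 8, so it would presumably still pass if one new qualname stopped matching while another call was reported twice. A per-line assertion would pin each new entry, if `check_example` supports one. `FunctionalTests` begins outside this hunk and `test_eval` continues past it.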