Merge "Add other known weak MD hash modules"

bandit/config/bandit.yaml

@@ -87,8 +87,8 @@ blacklist_calls:
             qualnames: [marshal.load, marshal.loads]
             message: "Deserialization with the marshal module is possibly dangerous."
         - md5:
-            qualnames: [hashlib.md5]
-            message: "Use of insecure MD5 hash function."
+            qualnames: [hashlib.md5, Crypto.Hash.MD2.new, Crypto.Hash.MD4.new, Crypto.Hash.MD5.new, cryptography.hazmat.primitives.hashes.MD5]
+            message: "Use of insecure MD2, MD4, or MD5 hash function."
         - mktemp_q:
             qualnames: [tempfile.mktemp]
             message: "Use of insecure and deprecated function (mktemp)."

examples/crypto-md5.py

@@ -1,3 +1,7 @@
+from cryptography.hazmat.primitives import hashes
+from Crypto.Hash import MD2 as pycrypto_md2
+from Crypto.Hash import MD4 as pycrypto_md4
+from Crypto.Hash import MD5 as pycrypto_md5
 import hashlib
 
 hashlib.md5(1)
@@ -6,3 +10,9 @@ hashlib.md5(1).hexdigest()
 abc = str.replace(hashlib.md5("1"), "###")
 
 print(hashlib.md5("1"))
+
+pycrypto_md2.new()
+pycrypto_md4.new()
+pycrypto_md5.new()
+
+hashes.MD5()

tests/test_functional.py

@@ -92,7 +92,7 @@ class FunctionalTests(unittest.TestCase):
 
     def test_crypto_md5(self):
         '''Test the `hashlib.md5` example.'''
-        expect = {'SEVERITY': {'MEDIUM': 4}, 'CONFIDENCE': {'HIGH': 4}}
+        expect = {'SEVERITY': {'MEDIUM': 8}, 'CONFIDENCE': {'HIGH': 8}}
         self.check_example('crypto-md5.py', expect)
 
     def test_eval(self):