
Commit 09a6ace

authored
Inaccurate message in hashlib check (#827)
The hashlib function does not actually check for md2 as the docs and message claim. Besides, md2 is a very old hash not found in any Python 3.x version we support. Signed-off-by: Eric Brown <[email protected]>
1 parent 8bad6fa commit 09a6ace

1 file changed

+6
-7
lines changed


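--- a/bandit/plugins/hashlib_insecure_functions.py
+++ b/bandit/plugins/hashlib_insecure_functions.py
@@ -19,7 +19,7 @@
 
 :Example:
 
->> Issue: [B324:hashlib] Use of weak MD2, MD4, MD5, or SHA1 hash for
+>> Issue: [B324:hashlib] Use of weak MD4, MD5, or SHA1 hash for
 security. Consider usedforsecurity=False
 Severity: High Confidence: High
 CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
@@ -62,8 +62,8 @@ def _hashlib_func(context):
 severity=bandit.HIGH,
 confidence=bandit.HIGH,
 cwe=issue.Cwe.BROKEN_CRYPTO,
-text="Use of weak MD2, MD4, MD5, or SHA1 hash "
-"for security. Consider usedforsecurity=False",
+text="Use of weak MD4, MD5, or SHA1 hash for "
+"security. Consider usedforsecurity=False",
 lineno=context.node.lineno,
 )
 elif func == "new":
@@ -78,8 +78,8 @@ def _hashlib_func(context):
 severity=bandit.HIGH,
 confidence=bandit.HIGH,
 cwe=issue.Cwe.BROKEN_CRYPTO,
-text="Use of weak MD2, MD4, MD5, or SHA1 hash "
-"for security. Consider usedforsecurity=False",
+text="Use of weak MD4, MD5, or SHA1 hash for "
+"security. Consider usedforsecurity=False",
 lineno=context.node.lineno,
 )
 
@@ -103,8 +103,7 @@ def _hashlib_new(context):
 severity=bandit.MEDIUM,
 confidence=bandit.HIGH,
 cwe=issue.Cwe.BROKEN_CRYPTO,
-text="Use of insecure MD2, MD4, MD5, or SHA1 hash "
-"function.",
+text="Use of insecure MD4, MD5, or SHA1 hash function.",
 lineno=context.node.lineno,
 )
 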
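Review bot: The same warning literal is still spelled out three times after this change (the two `text=` pairs in `_hashlib_func` at lines 65–66 and 81–82, plus the `:Example:` block in the module docstring), which is exactly how the stale "MD2" wording drifted away from what the plugin checks in the first place. Hoisting it to one module constant, `_WEAK_HASH_MSG = "Use of weak MD4, MD5, or SHA1 hash for security. Consider usedforsecurity=False"`, and passing `text=_WEAK_HASH_MSG,` in both branches would leave one place to keep in sync with the checked algorithm set; the `_hashlib_new` message at line 106 could get a sibling constant the same way. Both `_hashlib_func` and `_hashlib_new` begin outside the hunks, and the list of algorithm names the plugin actually matches is not visible here, so whether the new wording now corresponds exactly to the check cannot be confirmed from this diff alone.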