>/iSrSSKrSSKJr SSKJr SrSrSrSr \R"S 5\R"S 5S 55r g) a ====================================================================== B324: Test use of insecure md4, md5, or sha1 hash functions in hashlib ====================================================================== This plugin checks for the usage of the insecure MD4, MD5, or SHA1 hash functions in ``hashlib`` and ``crypt``. The ``hashlib.new`` function provides the ability to construct a new hashing object using the named algorithm. This can be used to create insecure hash functions like MD4 and MD5 if they are passed as algorithm names to this function. This check does additional checking for usage of keyword usedforsecurity on all function variations of hashlib. Similar to ``hashlib``, this plugin also checks for usage of one of the ``crypt`` module's weak hashes. ``crypt`` also permits MD5 among other weak hash variants. :Example: .. code-block:: none >> Issue: [B324:hashlib] Use of weak MD4, MD5, or SHA1 hash for security. Consider usedforsecurity=False Severity: High Confidence: High CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html) Location: examples/hashlib_new_insecure_functions.py:3:0 More Info: https://bandit.readthedocs.io/en/latest/plugins/b324_hashlib.html 2 3 hashlib.new('md5') 4 .. seealso:: - https://cwe.mitre.org/data/definitions/327.html .. versionadded:: 1.5.0 .. versionchanged:: 1.7.3 CWE information added .. versionchanged:: 1.7.6 Added check for the crypt module weak hashes N)issue)test_properties)md4md5shasha1) METHOD_CRYPT METHOD_MD5METHOD_BLOWFISHcURnU[;aURSS5S:Xar[R"[R [R [ RRSUR5S3URRS9$gUS:XaURnU(aUSOURSS5n[U[5(aUR5[;aURSS5S:Xar[R"[R [R [ RRSUR5S3URRS9$gggg) NusedforsecurityTruez Use of weak z2 hash for security. Consider usedforsecurity=Falseseverity confidencecwetextlinenonewrname) call_keywords WEAK_HASHESgetbanditIssueHIGHrCwe BROKEN_CRYPTOuppernoder call_args isinstancestrlower)contextfunckeywordsargsrs c/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/hashlib_insecure_functions.py _hashlib_funcr*8s<$$H { <<)6 2f <<<!;;II++#DJJL>211||**   =   tAwHLL$> dC TZZ\[%@||-v6&@||#[[%{{ //' ~6??"<<.. A&A  c URnURnUS:Xa[U5S:aUSOURSS5n[ U[ 5(a}U[ ;ar[R"[R[R[RRSUR5S3URR S9$ggUS:XaU(aUSOURS S5n[ U[ 5(a}U[ ;ar[R"[R[R[RRSUR5S3URR S9$ggg) NcryptsaltzUse of insecure crypt.z hash function.rmksaltrmethod)r!rlenrr"r#WEAK_CRYPT_HASHESrrMEDIUMrrrrrr r)r%r&r(r'rs r) _crypt_cryptr5Ts6   D$$H wd)a-tAwX\\&$-G dC T->%><<!;;II++-djjl^?K||**  &?   tAwHLL4$@ dC T->%><<!;;II++-djjl^?K||**  &?  r+B324Callc[UR[5(aJURRS5nUSnSU;a [ X5$SU;aUS;a [ X5$ggg)N.hashlibr-)r-r0)r"call_function_name_qualr#splitr*r5)r% qualname_listr&s r)r;r;nss'1137777==cB R   % / /  %$2E*E. .+F %8r+) __doc__r bandit.corerrtestrr3r*r5test_idchecksr;r+r)rEsY,Z/+ E84fV / /r+