[`flake8-bandit`] Clarify the supported hashing functions (`S324`) (#20534)

## Summary

Fixes #16572

---------

Co-authored-by: Brent Westbrook <brentrwestbrook@gmail.com>
Dan Parizher 2025-09-24 16:10:23 -04:00 committed by GitHub
parent 0e83af0b80
commit c361e2f759
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 0 deletions


@ -23,6 +23,17 @@ use crate::rules::flake8_bandit::helpers::string_literal;
/// Avoid using weak or broken cryptographic hash functions in security /// Avoid using weak or broken cryptographic hash functions in security
/// contexts. Instead, use a known secure hash function such as SHA256. /// contexts. Instead, use a known secure hash function such as SHA256.
/// ///
/// Note: This rule targets the following weak algorithm names in `hashlib`:
/// `md4`, `md5`, `sha`, and `sha1`. It also flags uses of `crypt.crypt` and
/// `crypt.mksalt` when configured with `METHOD_CRYPT`, `METHOD_MD5`, or
/// `METHOD_BLOWFISH`.
///
/// It does not attempt to lint OpenSSL- or platform-specific aliases and OIDs
/// (for example: `"sha-1"`, `"ssl3-sha1"`, `"ssl3-md5"`, or
/// `"1.3.14.3.2.26"`), nor variations with trailing spaces, as the set of
/// accepted aliases depends on the underlying OpenSSL version and varies across
/// platforms and Python builds.
///
/// ## Example /// ## Example
/// ```python /// ```python
/// import hashlib /// import hashlib
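Review bot: The added `Note:` paragraph lists which spellings are not covered (OpenSSL aliases, OIDs, trailing spaces) but never states how the listed names themselves are matched, so a reader still cannot tell whether `hashlib.new("MD5")` or `hashlib.new("Sha1")` is flagged; add one sentence making the matching rule explicit, for example `/// Algorithm names are matched case-insensitively against the list above.` if that is what the rule does, or the exact-match equivalent otherwise. The phrase `nor variations with trailing spaces` also reads awkwardly tacked onto the OpenSSL alias sentence, since a trailing-space string is not an alias but a quirk of what `hashlib.new` happens to accept; a separate clause (`/// Strings with leading or trailing whitespace are likewise not flagged.`) would be clearer. Lastly, because the `crypt` module is deprecated since Python 3.11 and removed in 3.13, it is worth saying that the `crypt.crypt`/`crypt.mksalt` checks are only relevant to code targeting older interpreters, so users are not surprised when those calls stop appearing.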