{
"id": "2ff29c161a7de1be9770119886b03add9096aae99b7bb538095bd544567df71c",
"category": "sast",
"name": "Use of a broken or risky cryptographic algorithm",
"description": "The application was found using an insecure or risky digest or signature algorithm. MD2, MD4, MD5 and SHA1 hash algorithms have been found to be vulnerable to producing collisions.\n\nThis means that two different values, when hashed, can lead to the same hash value. If the application is trying to use these hash methods for storing passwords, then it is recommended to switch to a password hashing algorithm such as Argon2id or PBKDF2.\n\nNote that the `Crypto` and `Cryptodome` Python packages are no longer recommended for new applications; instead, consider using the [cryptography](https://cryptography.io/) package.\n\nExample of creating a SHA-384 hash using the `cryptography` package:\n```python\nfrom cryptography.hazmat.primitives import hashes\n# Create a SHA384 digest\ndigest = hashes.Hash(hashes.SHA384())\n# Update the digest with some initial data\ndigest.update(b\"some data to hash\")\n# Add more data to the digest\ndigest.update(b\"some more data\")\n# Finalize the digest as bytes\nresult = digest.finalize()\n```\n\nFor more information on secure password storage see OWASP:\n- https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html\n\nFor more information on the cryptography module see:\n- https://cryptography.io/en/latest/\n",
"cve": "semgrep_id:bandit.B303-1:70:70",
"severity": "Medium",
"scanner": {
"id": "semgrep",
"name": "Semgrep"
},
"location": {
"file": "wodles/azure/azure_services/graph.py",
"start_line": 70
},
"identifiers": [
{
"type": "semgrep_id",
"name": "bandit.B303-1",
"value": "bandit.B303-1",
"url": "https://semgrep.dev/r/gitlab.bandit.B303-1"
},
{
"type": "cwe",
"name": "CWE-327",
"value": "327",
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"type": "owasp",
"name": "A02:2021 - Cryptographic Failures",
"value": "A02:2021"
},
{
"type": "owasp",
"name": "A3:2017 - Sensitive Data Exposure",
"value": "A3:2017"
},
{
"type": "bandit_test_id",
"name": "Bandit Test ID B303",
"value": "B303"
}
]
}