The hashlib_insecure_functions module is missing documentation. More
than likely this is a result of having checks in blacklist for hashlib
and also a plugin. The blacklists have a reserved Id range of 3xx, which
is what this plugin is using.
Near term, this change publishes a page for B324 hashlib plugin. Longer
term, the bandit Id should be migrated out of the 3xx group to something
more appropriate.
Closes #559
Signed-off-by: Eric Brown <browne@vmware.com>
This issue is still present since the output gives:
>> Issue: [B324:hashlib] Use of weak MD4, MD5, or SHA1 hash for security. Consider usedforsecurity=False
Severity: High Confidence: High
CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
Location: src/a.py
More Info: https://bandit.readthedocs.io/en/1.7.4/plugins/b324_hashlib.html
Describe the bug
The doc for B324 hashlib_new is not included as part of:
https://bandit.readthedocs.io/en/latest/plugins/index.html
This may be because 3xx is for blacklist, yet this is a plugin.
To Reproduce
Steps to reproduce the behavior:
Note, it is not listed here either:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html
Expected behavior
Output of command
bandit -h
shows
But it's not documented in the help docs
Bandit version
Additional context
Add any other context about the problem here.