Bandit scan issue: Use of weak SHA1 hash for security.
The Bandit scan is showing a potential issue with Severity: High, Confidence: High.
Check the scan log for details.
Run started:2023-12-18 22:51:23.816146
Test results:
>> Issue: [B324:hashlib] Use of weak SHA1 hash for security. Consider usedforsecurity=False
Severity: High Confidence: High
CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b324_hashlib.html
Location: /Users/solxget/OSDU-clean/os-policy-service/app/api/policy_read_api.py:317:23
316 data = opa_response.json["result"]["raw"]
317 sha1 = hashlib.sha1(data.encode()).hexdigest()
318 response.headers["X-SHA-1"] = sha1
--------------------------------------------------
>> Issue: [B324:hashlib] Use of weak SHA1 hash for security. Consider usedforsecurity=False
Severity: High Confidence: High
CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b324_hashlib.html
Location: /Users/solxget/OSDU-clean/os-policy-service/app/api/policy_update_api.py:325:11
324
325 sha1 = hashlib.sha1(contents.decode("utf-8").encode()).hexdigest()
326 response.headers["X-SHA-1"] = sha1
--------------------------------------------------
>> Issue: [B324:hashlib] Use of weak SHA1 hash for security. Consider usedforsecurity=False
Severity: High Confidence: High
CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b324_hashlib.html
Location: /Users/solxget/OSDU-clean/os-policy-service/app/api/validate_api.py:96:15
95 ):
96 sha1 = hashlib.sha1(data.encode()).hexdigest()
97 response.headers["X-SHA-1"] = sha1
--------------------------------------------------
>> Issue: [B324:hashlib] Use of weak SHA1 hash for security. Consider usedforsecurity=False
Severity: High Confidence: High
CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b324_hashlib.html
Location: /Users/solxget/OSDU-clean/os-policy-service/app/bundles/bundle.py:156:44
155 contents = f.read()
156 existing_sha1 = hashlib.sha1(contents).hexdigest()
157 updated_existing = True
--------------------------------------------------
>> Issue: [B324:hashlib] Use of weak SHA1 hash for security. Consider usedforsecurity=False
Severity: High Confidence: High
CWE: CWE-327 (https://cwe.mitre.org/data/definitions/327.html)
More Info: https://bandit.readthedocs.io/en/1.7.6/plugins/b324_hashlib.html
Location: /Users/solxget/OSDU-clean/os-policy-service/app/bundles/bundle.py:161:35
160 if updated_existing:
161 updated_sha1 = hashlib.sha1(policy).hexdigest()
162 if existing_sha1 == updated_sha1:
--------------------------------------------------
Code scanned:
Total lines of code: 7294
Total lines skipped (#nosec): 0
Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 138
Medium: 34
High: 6
Total issues (by confidence):
Undefined: 0
Low: 33
Medium: 3
High: 142
Files skipped (0):