rspec/rules/S2257/python/rule.adoc

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++Argon2PasswordHasher++``, ``++BCryptPasswordHasher++``, ... should be used instead.


This rule tracks creation of ``++BasePasswordHasher++`` subclasses for Django applications.

include::../recommended.adoc[]

== Sensitive Code Example

----
class CustomPasswordHasher(BasePasswordHasher):  # Sensitive
    # ...
----

== See

* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* http://cwe.mitre.org/data/definitions/327.html[CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++Argon2PasswordHasher++``, ``++BCryptPasswordHasher++``, ... should be used instead.
Nightly update 2021-01-20 04:06:26 +00:00
Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			This rule tracks creation of ``++BasePasswordHasher++`` subclasses for Django applications.
Nightly update 2021-01-20 04:06:26 +00:00
			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`----`
			`class CustomPasswordHasher(BasePasswordHasher): # Sensitive`
			`# ...`
			`----`

			`== See`

			`* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure`
			`* http://cwe.mitre.org/data/definitions/327.html[CWE-327] - Use of a Broken or Risky Cryptographic Algorithm`
			`* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses`