Detected use of an insecure `MD4` or `MD5` hash function and replace with `SHA256`

Python pattern

Identified the utilization of an insecure MD4 or MD5 hash function, both of which have well-documented vulnerabilities and are deemed deprecated. It is recommended to replace them with more secure options such as SHA256 or a comparable hash function for improved security.

references

Detected use of an insecure MD4 or MD5 hash function

BAD: insecure-hash-function

BEFORE
import hashlib

hashlib.new("md5")

hashlib.new('md4', 'test')

hashlib.new(name='md5', string='test')

hashlib.new('MD4', string='test')

hashlib.new(string='test', name='MD5')
AFTER
import hashlib

hashlib.new('sha256')

hashlib.new('sha256', 'test')

hashlib.new(name='sha256', string='test')

hashlib.new('sha256', string='test')

hashlib.new(string='test', name='sha256')

GOOD: secure-hash-function

PYTHON
hashlib.new('sha256')

hashlib.new('SHA512')