You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This flags every single use of MD5 as a cryptography problem.
MD5 exists for a reason an it's entirely inappropriate to flag any and every usage of it as a cryptographic usage
It is intended to be a lighter weight, simpler algorithm. Using it at all should not be a flag. there are plenty of legitimate use cases that have nothing to do with security
example:
this sorting algorithm has nothing to do with security and absolutely does not need the heavier implementation of an SHA1 hash
The text was updated successfully, but these errors were encountered:
Thank you for reporting this. We are aware of an increased amount of alerts caused by recent changes to this query, and a currently working on a fix. We realize this may be disruptive to your workflow at this time, so this has a high priority for us.
If you need guidance on dismissing the existing alerts or exclusion logic, please let us know and someone from our team will assist here.
Description of the false positive
https://github.com/github/codeql/blob/a520de3986987baf4c5f846bd82bf68536ae042c/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
This flags every single use of MD5 as a cryptography problem.
MD5 exists for a reason an it's entirely inappropriate to flag any and every usage of it as a cryptographic usage
It is intended to be a lighter weight, simpler algorithm. Using it at all should not be a flag. there are plenty of legitimate use cases that have nothing to do with security
example:
this sorting algorithm has nothing to do with security and absolutely does not need the heavier implementation of an SHA1 hash
The text was updated successfully, but these errors were encountered: