# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # {fact rule=insecure-hashing@v1.0 defects=1} def hashing_noncompliant(): import hashlib from hashlib import pbkdf2_hmac # Noncompliant: insecure hashing algorithm used. derivedkey = hashlib.pbkdf2_hmac('sha224', password, salt, 100000) derivedkey.hex() # {/fact} # {fact rule=insecure-hashing@v1.0 defects=0} def hashing_compliant(): import hashlib from hashlib import pbkdf2_hmac # Compliant: secure hashing algorithm used. derivedkey = hashlib.pbkdf2_hmac('sha256', password, salt, 100000) derivedkey.hex() # {/fact}