Home

SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

Rule description

  • SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

 

Non-compliant Code Example

global function string callMD5 (integer id)
Blob lblb_data
Blob lblb_md5
lblb_data = Blob("Test MD5", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// Encrypt with MD5
lblb_md5 = lnv_CrypterObject.MD5(lblb_data) // MD5 is not compliance

Return ""
end function
global function string testSHA (string text)

Blob lblb_data
Blob lblb_sha1
string ls_result

lblb_data = Blob(text, EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// Encrypt with SHA
lblb_sha1= lnv_CrypterObject.SHA(SHA1!, lblb_data) // SHA1! is not compliance

ls_result = string(lblb_sha1, EncodingANSI!)

Return ls_result
end function
Visual Expert 2020
 VEPBRULE28