Add AvoidUsingBrokenHashAlgorithms by MJVL · Pull Request #1787 · PowerShell/PSScriptAnalyzer
PR Summary
This adds a new rule: AvoidUsingBrokenHashAlgorithms.
This rule searches for use of SHA-1 or MD5 within -Algorithm parameters. This mainly serves to flag use with Get-FileHash, but also works for other cmdlets which may use the same parameter scheme. Should other algorithms in the future be deemed insecure, it would be trivial to add them.
At this point both of these algorithms are broken (Microsoft SDL has labeled them as such since 2009), so I think it would be worthwhile to flag these, such that new code doesn't use these algorithms except when needed for backwards compatibility.
PR Checklist
- PR has a meaningful title
- Use the present tense and imperative mood when describing your changes
- Summarized changes
- Change is not breaking
- Make sure all .cs, .ps1 and .psm1 files have the correct copyright header
- Make sure you've added a new test if existing tests do not effectively test the code changed and/or updated documentation
- This PR is ready to merge and is not Work in Progress.
- If the PR is work in progress, please add the prefix WIP: to the beginning of the title and remove the prefix when the PR is ready.
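An illustration of the kind of check the PR summary describes, added here as an example and not the rule's own implementation (which this page does not show): it walks the PowerShell AST for -Algorithm parameters whose constant value is MD5 or SHA1. The function name Find-BrokenHashAlgorithm, the exact-name match on the parameter, and the sample script are assumptions made for the illustration.

```powershell
# Added example; approximates the described check, not the rule's C# source.
$BrokenAlgorithms = @('MD5', 'SHA1')   # the two algorithms the PR names

function Find-BrokenHashAlgorithm {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Every command invocation, including those in nested script blocks.
    $commands = $ast.FindAll(
        { param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)

    foreach ($cmd in $commands) {
        $elements = $cmd.CommandElements
        for ($i = 0; $i -lt $elements.Count; $i++) {
            $p = $elements[$i]
            if ($p -isnot [System.Management.Automation.Language.CommandParameterAst]) { continue }
            if ($p.ParameterName -ne 'Algorithm') { continue }   # exact name only (assumption)

            # The value is attached (-Algorithm:MD5) or is the next element.
            $valueAst = $p.Argument
            if (-not $valueAst -and ($i + 1) -lt $elements.Count) { $valueAst = $elements[$i + 1] }

            # Only constant strings are checked; variables cannot be resolved statically.
            if ($valueAst -is [System.Management.Automation.Language.StringConstantExpressionAst] -and
                $valueAst.Value -in $BrokenAlgorithms) {
                [pscustomobject]@{
                    Command   = $cmd.GetCommandName()
                    Algorithm = $valueAst.Value
                    Line      = $p.Extent.StartLineNumber
                }
            }
        }
    }
}

# Constructed sample script: two flagged calls and one acceptable call.
$sample = @'
Get-FileHash -Path .\setup.exe -Algorithm MD5
Get-FileHash -Path .\setup.exe -Algorithm:sha1
Get-FileHash -Path .\setup.exe -Algorithm SHA256
'@
Find-BrokenHashAlgorithm -ScriptText $sample | Format-Table
```

Because the match is on the parameter name rather than the cmdlet, the same walk covers other commands that take -Algorithm, and adding another algorithm means adding one entry to the list.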