S324 false negative on mixed-case hash algorithm names

[dscorbett]

Summary

hashlib.new interprets the algorithm name case-insensitively. hashlib-insecure-hash-function (S324) recognizes lowercase and uppercase names, but not mixed-case names.

$ cat >s324.py <<'# EOF'
import hashlib
print(hashlib.new("Md5").hexdigest())
# EOF

$ python s324.py
d41d8cd98f00b204e9800998ecf8427e

$ ruff check --isolated --select S324 s324.py
All checks passed!

Version

No response

[VascoSch92]

If no one is taking this, I can do it. It should be quick! 😉

[ntBre]

I think this was closed by #16552 🎉