Comment 1 for bug 1708582

Luke Hinds (lhinds) wrote :

Slightly tricky one this, as if we add hashlib.new, then Bandit will incorrectly report on legitimate crypto, such as `hash = hashlib.new('sha256')`.

This would need us to be able to look beyond just the call and the call's content as well.
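
Added example, not part of the comment above and not Bandit's own plugin code: a standalone check built on Python's `ast` module that inspects the algorithm argument of `hashlib.new()` rather than flagging the call by name. The `WEAK_HASHES` set, the function names and the sample input are assumptions made for illustration.

```python
import ast

# Assumed set of weak algorithm names for this illustration.
WEAK_HASHES = {"md4", "md5", "sha1"}


def _algorithm_arg(call):
    """Return the AST node passed as the algorithm name, or None."""
    if call.args:
        return call.args[0]
    for kw in call.keywords:
        if kw.arg == "name":
            return kw.value
    return None


def find_weak_hashlib_new(source):
    """Return (lineno, algorithm) for each hashlib.new() call naming a weak hash."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match only the literal form hashlib.new(...); aliased imports are not resolved.
        if not (isinstance(func, ast.Attribute) and func.attr == "new"
                and isinstance(func.value, ast.Name) and func.value.id == "hashlib"):
            continue
        arg = _algorithm_arg(node)
        # Only a string literal can be judged statically; variables are skipped.
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            if arg.value.lower() in WEAK_HASHES:
                findings.append((node.lineno, arg.value))
    return sorted(findings)


# Constructed sample input.
SAMPLE = '''import hashlib
ok = hashlib.new('sha256')
bad = hashlib.new('md5')
also_bad = hashlib.new(name='SHA1', data=b'x')
unknown = hashlib.new(algo)
'''

if __name__ == "__main__":
    for lineno, algo in find_weak_hashlib_new(SAMPLE):
        print(f"line {lineno}: hashlib.new({algo!r}) uses a weak hash")
```

The `hashlib.new('sha256')` call is not reported, and the call whose algorithm is a variable is skipped because its value cannot be determined from the syntax tree alone.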