1
0
mirror of https://github.com/securego/gosec.git synced 2025-07-07 00:35:35 +02:00

Add sha1 to weak crypto primitives

This commit is contained in:
Cosmin Cojocar
2018-08-08 16:38:57 +02:00
parent 90a1c1d625
commit fb0dc73a96
5 changed files with 56 additions and 0 deletions

View File

@ -633,6 +633,31 @@ func main() {
fmt.Printf("%x", h.Sum(nil))
}`, 1}}
// SampleCodeG401b - Use of weak crypto SHA1
SampleCodeG401b = []CodeSample{
{`
package main
import (
"crypto/sha1"
"fmt"
"io"
"log"
"os"
)
func main() {
f, err := os.Open("file.txt")
if err != nil {
log.Fatal(err)
}
defer f.Close()
h := sha1.New()
if _, err := io.Copy(h, f); err != nil {
log.Fatal(err)
}
fmt.Printf("%x", h.Sum(nil))
}`, 1}}
// SampleCodeG402 - TLS settings
SampleCodeG402 = []CodeSample{{`
// InsecureSkipVerify
@ -827,6 +852,20 @@ import (
)
func main() {
cgi.Serve(http.FileServer(http.Dir("/usr/share/doc")))
}`, 1}}
// SampleCodeG505 - Blacklisted import SHA1
SampleCodeG505 = []CodeSample{
{`
package main
import (
"crypto/sha1"
"fmt"
"os"
)
func main() {
for _, arg := range os.Args {
fmt.Printf("%x - %s\n", sha1.Sum([]byte(arg)), arg)
}
}`, 1}}
// SampleCode601 - Go build tags
SampleCode601 = []CodeSample{{`