mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2026-01-07 20:51:28 +00:00
29 lines
918 B
YAML
29 lines
918 B
YAML
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
rules:
|
|
- id: hash-sum-without-write
|
|
patterns:
|
|
- pattern-either:
|
|
- pattern: |
|
|
$HASH.New().Sum($SLICE)
|
|
- pattern: |
|
|
$H := $HASH.New()
|
|
...
|
|
$H.Sum($SLICE)
|
|
- pattern-not: |
|
|
$H := $HASH.New()
|
|
...
|
|
$H.Write(...)
|
|
...
|
|
$H.Sum($SLICE)
|
|
- pattern-not: |
|
|
$H := $HASH.New()
|
|
...
|
|
$FUNC(..., $H, ...)
|
|
...
|
|
$H.Sum($SLICE)
|
|
message: "odd hash.Sum call flow"
|
|
languages: [go]
|
|
severity: ERROR
|