3pp-mirror/pushbits
1
0
Fork 0
mirror of https://github.com/pushbits/server.git synced 2025-06-05 20:22:01 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add semgrep-rules as submodule

Browse source
This commit is contained in:
eikendev 2022-02-13 21:00:06 +01:00
parent a75478f83b
commit 5267359a60
No known key found for this signature in database
GPG key ID: A1BDB1B28C8EF694
71 changed files with 23 additions and 2555 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/authentication/credentials/hibp.go
View file

@ -21,7 +21,7 @@ func IsPasswordPwned(password string) (bool, error) {
return true, nil
}
// nosemgrep: tests.semgrep.go.lang.security.audit.crypto.insecure-module-used, tests.semgrep.go.lang.security.audit.crypto.use-of-sha1
// nosemgrep: tests.semgrep-rules.go.lang.security.audit.crypto.insecure-module-used, tests.semgrep-rules.go.lang.security.audit.crypto.use-of-sha1
hash := sha1.Sum([]byte(password)) //#nosec G401 -- False positive, only the first 5 bytes are transmitted.
hashStr := fmt.Sprintf("%X", hash)
lookup := hashStr[0:5]