3pp-mirror/pushbits
1
0
Fork 0
mirror of https://github.com/pushbits/server.git synced 2025-05-31 17:56:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add scans with gosec

Browse source
This commit is contained in:
eikendev 2022-02-13 15:06:54 +01:00
parent 56f39cf64c
commit 5cd3627dc6
No known key found for this signature in database
GPG key ID: A1BDB1B28C8EF694
8 changed files with 47 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/authentication/credentials/hibp.go
View file

@ -1,7 +1,7 @@
package credentials
import (
"crypto/sha1"
"crypto/sha1" //#nosec G505 -- False positive, see the use below.
"fmt"
"io/ioutil"
"log"
@ -21,7 +21,7 @@ func IsPasswordPwned(password string) (bool, error) {
return true, nil
}
hash := sha1.Sum([]byte(password))
hash := sha1.Sum([]byte(password)) //#nosec G401 -- False positive, only the first 5 bytes are transmitted.
hashStr := fmt.Sprintf("%X", hash)
lookup := hashStr[0:5]
match := hashStr[5:]