deb.open-vault/tools/semgrep/ci/hmac-bytes.yml

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

rules:
  - id: use-hmac-equal
    patterns:
        - pattern-either:
              - pattern: |
                      $MAC = hmac.New(...)
                      ...
                      $H = $MAC.Sum(...)
                      ...
                      bytes.Equal($H, ...)
              - pattern: |
                      $MAC = hmac.New(...)
                      ...
                      $H = $MAC.Sum(...)
                      ...
                      bytes.Equal(..., $H)
    message: "Comparing a MAC with bytes.Equal()"
    languages: [go]
    severity: ERROR
New upstream version 1.14.8 2024-04-20 12:23:50 +00:00			`# Copyright (c) HashiCorp, Inc.`
			`# SPDX-License-Identifier: MPL-2.0`

			`rules:`
			`- id: use-hmac-equal`
			`patterns:`
			`- pattern-either:`
			`- pattern: \|`
			`$MAC = hmac.New(...)`
			`...`
			`$H = $MAC.Sum(...)`
			`...`
			`bytes.Equal($H, ...)`
			`- pattern: \|`
			`$MAC = hmac.New(...)`
			`...`
			`$H = $MAC.Sum(...)`
			`...`
			`bytes.Equal(..., $H)`
			`message: "Comparing a MAC with bytes.Equal()"`
			`languages: [go]`
			`severity: ERROR`