2023-03-15 16:00:52 +00:00
|
|
|
# Copyright (c) HashiCorp, Inc.
|
|
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2022-03-18 18:14:03 +00:00
|
|
|
rules:
|
|
|
|
- id: hash-sum-without-write
|
|
|
|
patterns:
|
|
|
|
- pattern-either:
|
|
|
|
- pattern: |
|
|
|
|
$HASH.New().Sum($SLICE)
|
|
|
|
- pattern: |
|
|
|
|
$H := $HASH.New()
|
|
|
|
...
|
|
|
|
$H.Sum($SLICE)
|
|
|
|
- pattern-not: |
|
|
|
|
$H := $HASH.New()
|
|
|
|
...
|
|
|
|
$H.Write(...)
|
|
|
|
...
|
|
|
|
$H.Sum($SLICE)
|
|
|
|
- pattern-not: |
|
|
|
|
$H := $HASH.New()
|
|
|
|
...
|
|
|
|
$FUNC(..., $H, ...)
|
|
|
|
...
|
|
|
|
$H.Sum($SLICE)
|
|
|
|
message: "odd hash.Sum call flow"
|
|
|
|
languages: [go]
|
|
|
|
severity: ERROR
|