7e0abe3c7e
* add semgrep yml * add semgrep ci job * remove replication semgrep rule in oss * fix makefile * add semgrep to ci * upwind triple if in ui.go semgrep refactoring
20 lines
572 B
YAML
20 lines
572 B
YAML
rules:
|
|
- id: use-hmac-equal
|
|
patterns:
|
|
- pattern-either:
|
|
- pattern: |
|
|
$MAC = hmac.New(...)
|
|
...
|
|
$H = $MAC.Sum(...)
|
|
...
|
|
bytes.Equal($H, ...)
|
|
- pattern: |
|
|
$MAC = hmac.New(...)
|
|
...
|
|
$H = $MAC.Sum(...)
|
|
...
|
|
bytes.Equal(..., $H)
|
|
message: "Comparing a MAC with bytes.Equal()"
|
|
languages: [go]
|
|
severity: ERROR
|