* build(deps): bump github.com/securego/gosec/v2 from 2.3.0 to 2.4.0 Bumps [github.com/securego/gosec/v2](https://github.com/securego/gosec) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](https://github.com/securego/gosec/compare/v2.3.0...v2.4.0) Signed-off-by: dependabot[bot] <support@github.com> * Rename Blacklisted -> Blocklisted Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sergey Vilgelm <sergey.vilgelm@ibm.com>
//args: -Egosec
package testdata
import (
"crypto/md5" // ERROR "G501: Blocklisted import crypto/md5: weak cryptographic primitive"
"fmt"
"log"
"os"
"os/exec"
)
// Gosec is the baseline case for the gosec linter: creating an MD5 hasher is
// expected to be reported as G401 (weak cryptographic primitive), as the
// expectation comment on that statement records.
func Gosec() {
	// The expectation comment must stay on the same line as the md5.New call.
	hasher := md5.New() // ERROR "G401: Use of weak cryptographic primitive"
	log.Print(hasher)
}
// GosecNolintGas covers suppression by the linter name "gas" (presumably kept
// as an alias of gosec; confirm against the linter configuration). The MD5 call
// carries a suppression directive and no expectation comment, so no finding is
// expected here. The directive only silences the report; the weak primitive is
// still in use.
func GosecNolintGas() {
	// The suppression directive must stay on the same line as the md5.New call.
	hasher := md5.New() //nolint:gas
	log.Print(hasher)
}
// GosecNolintGosec covers suppression by the linter name "gosec": the MD5 call
// carries a suppression directive and no expectation comment, so no finding is
// expected here. The directive only silences the report; the weak primitive is
// still in use.
func GosecNolintGosec() {
	// The suppression directive must stay on the same line as the md5.New call.
	hasher := md5.New() //nolint:gosec
	log.Print(hasher)
}
// GosecNoErrorCheckingByDefault discards the error returned by os.Create. No
// expectation comment is attached, so with this file's arguments the dropped
// error is expected to go unreported (presumably gosec's unhandled-error
// audit, G104, is not enabled by default in this setup; confirm against the
// linter configuration).
func GosecNoErrorCheckingByDefault() {
	// The error result is intentionally ignored; that is the case under test.
	created, _ := os.Create("foo")
	fmt.Println(created)
}
// GosecG204SubprocWithFunc launches a subprocess whose argument comes from a
// function call. The expectation comment records that gosec must report this as
// G204. The closure here returns a fixed string, so the finding is presumably
// triggered by the shape of the call, not by any attacker-controlled value.
func GosecG204SubprocWithFunc() {
	dummyPath := func() string {
		return "/tmp/dummy"
	}

	// The expectation comment must stay on the same line as the exec.Command call.
	exec.Command("ls", dummyPath()).Run() // ERROR "G204: Subprocess launched with function call as argument or cmd arguments"
}