rspec/rules/S4790/go/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

[source,go,diff-id=1,diff-type=noncompliant]
----
import (
    "crypto"
    "fmt"
)

func calculateHash(data []byte) string {
    hashInstance := crypto.Hash.New(crypto.MD5) // Sensitive
    hashInstance.Write(data)
    hash := hashInstance.Sum(nil)
    return fmt.Sprintf("%x", hash)
}
----

[source,go,diff-id=2,diff-type=noncompliant]
----
import (
    "crypto/sha1"
    "fmt"
)

func calculateHash(data []byte) string {
    hash := sha1.Sum(data) // Sensitive
    return fmt.Sprintf("%x", hash)
}
----

== Compliant Solution

[source,go,diff-id=1,diff-type=compliant]
----
import (
    "crypto"
    "fmt"
)

func calculateHash(data []byte) string {
    hashInstance := crypto.Hash.New(crypto.SHA256) // Compliant
    hashInstance.Write(data)
    hash := hashInstance.Sum(nil)
    return fmt.Sprintf("%x", hash)
}
----

[source,go,diff-id=2,diff-type=compliant]
----
import (
    "crypto/sha512"
    "fmt"
)

func calculateHash(data []byte) string {
    hash := sha512.Sum512(data) // Compliant
    return fmt.Sprintf("%x", hash)
}
----


include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]