dgryski.semgrep-go.hashsum.hash-sum-without-write

profile photo of dgryskidgryski
Author
581
Download Count*
MIT
License

odd hash.Sum call flow

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: hash-sum-without-write
    patterns:
      - pattern-either:
          - pattern: |
              $HASH.New().Sum($SLICE)
          - pattern: |
              $H := $HASH.New()
              ...
              $H.Sum($SLICE)
      - pattern-not: |
          $H := $HASH.New()
          ...
          $H.Write(...)
          ...
          $H.Sum($SLICE)
      - pattern-not: |
          $H := $HASH.New()
          ...
          $FUNC(..., $H, ...)
          ...
          $H.Sum($SLICE)
    message: odd hash.Sum call flow
    languages:
      - go
    severity: ERROR
    metadata:
      license: MIT