dgryski.semgrep-go.hmac-bytes.use-hmac-equal

dgryski

Author

581

Download Count*

MIT

License

Comparing a MAC with bytes.Equal()

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: use-hmac-equal
    patterns:
      - pattern-either:
          - pattern: |
              $MAC = hmac.New(...)
              ...
              $H = $MAC.Sum(...)
              ...
              bytes.Equal($H, ...)
          - pattern: |
              $MAC = hmac.New(...)
              ...
              $H = $MAC.Sum(...)
              ...
              bytes.Equal(..., $H)
    message: Comparing a MAC with bytes.Equal()
    languages:
      - go
    severity: ERROR
    metadata:
      license: MIT

Short Link: https://sg.run/Avng