gitlab.gosec.G401-1

unknown

Download Count*

License

Usage of a cryptographically insecure algorithm has been detected. It is recommended that alternative algorithms be used instead.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: gosec.G401-1
    patterns:
      - pattern-either:
          - pattern: |
              des.NewCipher(...)
          - pattern: |
              des.NewTripleDESCipher(...)
          - pattern: |
              md5.New()
          - pattern: |
              md5.Sum(...)
          - pattern: |
              rc4.NewCipher(...)
          - pattern: |
              sha1.New()
          - pattern: |
              sha1.Sum(...)
    message: |
      Usage of a cryptographically insecure algorithm has been detected. It
      is recommended that alternative algorithms be used instead.
    metadata:
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      owasp: "A9: Using Components with Known Vulnerabilities"
      primary_identifier: gosec.G401-1
      secondary_identifiers:
        - name: Gosec Rule ID G401
          type: gosec_rule_id
          value: G401
      license: MIT
    severity: WARNING
    languages:
      - go

Short Link: https://sg.run/GOe6