gitlab.gosec.G503-1
The RC4 stream-cipher has been cryptographically broken and is unsuitable for use in production. It is recommended that ChaCha20 or Advanced Encryption Standard (AES) be used instead.
Definition
rules:
- id: gosec.G503-1
  patterns:
  - pattern: |
      import "crypto/rc4"
  message: >
    The RC4 stream-cipher has been cryptographically broken and is unsuitable
    for use in production. It is recommended that ChaCha20 or Advanced Encryption
    Standard (AES) be used instead.
  metadata:
    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    owasp: "A9: Using Components with Known Vulnerabilities"
    primary_identifier: gosec.G503-1
    secondary_identifiers:
    - name: Gosec Rule ID G503
      type: gosec_rule_id
      value: G503
    license: MIT
  severity: WARNING
  languages:
  - go
Short Link: https://sg.run/4ex9