gitlab.gosec.G505-1
The SHA-1 message-digest algorithm has been cryptographically broken and is unsuitable for further use. It is recommended that the SHA-3 or BLAKE2 family of algorithms be used for non-password-based cryptographic hashes instead. For password-based cryptographic hashes, consider using the bcrypt or Argon2 family of cryptographic hashes.
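A before/after for the non-password case, as an added example that is not part of the rule or of gosec: a streaming SHA-1 digest (the import this rule matches) next to a SHA3-256 replacement, with a verifier that rejects stored SHA-1 values during migration. The function names and the `sha1:` / `sha3-256:` tag prefixes are assumptions made for illustration, and `crypto/sha3` requires Go 1.24 or later.

```go
package main

import (
	"crypto/sha1" // matched by gosec.G505-1: this import line is the finding
	"crypto/sha3" // standard library since Go 1.24
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// legacyDigest is the "before": a streaming SHA-1 digest of r (hypothetical helper).
func legacyDigest(r io.Reader) (string, error) {
	h := sha1.New()
	if _, err := io.Copy(h, r); err != nil {
		return "", err
	}
	return "sha1:" + hex.EncodeToString(h.Sum(nil)), nil
}

// digest is the "after": same shape, SHA3-256, with the algorithm tagged.
func digest(r io.Reader) (string, error) {
	h := sha3.New256()
	if _, err := io.Copy(h, r); err != nil {
		return "", err
	}
	return "sha3-256:" + hex.EncodeToString(h.Sum(nil)), nil
}

// verify accepts only sha3-256 tagged digests, so stored SHA-1 values fail closed.
func verify(r io.Reader, want string) (bool, error) {
	if !strings.HasPrefix(want, "sha3-256:") {
		return false, fmt.Errorf("unsupported digest algorithm in %q", want)
	}
	got, err := digest(r)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1, nil
}

func main() {
	old, _ := legacyDigest(strings.NewReader("abc")) // constructed sample input
	cur, _ := digest(strings.NewReader("abc"))
	ok, _ := verify(strings.NewReader("abc"), cur)
	_, err := verify(strings.NewReader("abc"), old)
	fmt.Println(old, cur, ok, err)
}
```

Once `legacyDigest` and its import are deleted, the file no longer triggers the rule.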
Definition
rules:
- id: gosec.G505-1
  patterns:
  - pattern: |
      import "crypto/sha1"
  message: >
    The SHA-1 message-digest algorithm has been cryptographically broken and
    is unsuitable for further use. It is recommended that the SHA-3, or BLAKE2 family
    of algorithms be used for non-password based cryptographic hashes instead. For
    password based cryptographic hashes, consider using the bcrypt or Argon2 family
    of cryptographic hashes.
  metadata:
    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    owasp: "A9: Using Components with Known Vulnerabilities"
    primary_identifier: gosec.G505-1
    secondary_identifiers:
    - name: Gosec Rule ID G505
      type: gosec_rule_id
      value: G505
    license: MIT
  severity: WARNING
  languages:
  - go
Short Link: https://sg.run/PbJv