diff --git a/.envrc.example b/.envrc.example index 8fd509afa..c138c40df 100644 --- a/.envrc.example +++ b/.envrc.example @@ -1,4 +1,5 @@ export BEARER_VERSION=latest export BEARER_WORKSPACE=$PWD/../bearer -export BEARER_PYTHON_ENABLED=true export BEARER_PHP_ENABLED=true +export BEARER_PYTHON_ENABLED=true +export BEARER_GOLANG_ENABLED=true diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml index f3861fb8e..c6f1acebf 100644 --- a/.github/workflows/canary.yml +++ b/.github/workflows/canary.yml @@ -41,10 +41,12 @@ jobs: run: tar -czvf release/javascript.tar.gz --directory ./rules javascript - name: Archive Java run: tar -czvf release/java.tar.gz --directory ./rules java - - name: Archive Python - run: tar -czvf release/python.tar.gz --directory ./rules python - name: Archive PHP run: tar -czvf release/php.tar.gz --directory ./rules php + - name: Archive Python + run: tar -czvf release/python.tar.gz --directory ./rules python + - name: Archive Go + run: tar -czvf release/go.tar.gz --directory ./rules go - name: Create a GitHub release uses: ncipollo/release-action@v1 with: diff --git a/.github/workflows/canary_integration_tests.yml b/.github/workflows/canary_integration_tests.yml index 680ea1756..a1e66542b 100644 --- a/.github/workflows/canary_integration_tests.yml +++ b/.github/workflows/canary_integration_tests.yml @@ -29,10 +29,11 @@ jobs: "ruby/third_parties", "java/lang", "java/spring", - "python/lang", "php/lang", "php/symfony", "php/third_parties", + "python/lang", + "go/lang", ] steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 20f1b21d7..1eaf3af97 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -36,10 +36,11 @@ jobs: "ruby/third_parties", "java/lang", "java/spring", - "python/lang", "php/lang", "php/symfony", "php/third_parties", + "python/lang", + "go/lang", ] steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e48efd22..85989b5f2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,6 +44,8 @@ jobs: run: tar -czvf release/java.tar.gz --directory ./rules java - name: Archive Python run: tar -czvf release/python.tar.gz --directory ./rules python + - name: Archive Go + run: tar -czvf release/go.tar.gz --directory ./rules go - name: Create a GitHub release uses: ncipollo/release-action@v1 with: diff --git a/rules/go/lang/logger.yml b/rules/go/lang/logger.yml new file mode 100644 index 000000000..ec0b8a43d --- /dev/null +++ b/rules/go/lang/logger.yml @@ -0,0 +1,48 @@ +imports: + - go_shared_lang_datatype +patterns: + - pattern: log.$().$($) + filters: + - variable: LOGLEVEL + values: + - Error + - Debug + - variable: METHOD + values: + - Msgf + - Msg + - variable: DATA_TYPE + detection: go_shared_lang_datatype + scope: result +languages: + - go +skip_data_types: + - "Unique Identifier" +metadata: + description: "Sensitive data in a logger message detected." + remediation_message: | + ## Description + + Leaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers. + + ## Remediations + + ❌ Avoid using sensitive data in logger messages: + + ```go + logger.info(f"User is: '{user.email}'") + ``` + + ✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information: + + ```go + logger.info(f"User is: '{user.uuid}'") + ``` + + ## Resources + - [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html) + cwe_id: + - 209 + - 532 + id: go_lang_logger + documentation_url: https://docs.bearer.com/reference/rules/go_lang_logger diff --git a/rules/go/lang/weak_hash_md5.yml b/rules/go/lang/weak_hash_md5.yml new file mode 100644 index 000000000..6342ccf5c --- /dev/null +++ b/rules/go/lang/weak_hash_md5.yml @@ -0,0 +1,61 @@ +imports: + - go_shared_lang_datatype +patterns: + - pattern: $.Sum($) + filters: + - variable: MD5_INIT + detection: go_lang_weak_hash_md5_init + scope: cursor + - either: + - variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - not: + variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - pattern: md5.Sum($) + filters: + - either: + - variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - not: + variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result +auxiliary: + - id: go_lang_weak_hash_md5_init + patterns: + - md5.New() +languages: + - go +skip_data_types: + - "Unique Identifier" + - "Passwords" # see go_lang_weak_password_encryption_md5 +metadata: + description: "Weak hashing library (MD5) detected." + remediation_message: | + ## Description + + A weak hashing library can lead to data breaches and greater security risk. + + ## Remediations + According to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used. + + ❌ Avoid libraries and algorithms with known weaknesses: + + ```go + md5.Sum([]byte('password')) + ``` + + ✅ Instead, we recommend using sha256: + + ```go + sha256.Sum256([]byte('string')) + ``` + cwe_id: + - 331 + - 328 + id: go_lang_weak_hash_md5 + documentation_url: https://docs.bearer.com/reference/rules/go_lang_weak_hash_md5 diff --git a/rules/go/lang/weak_hash_sha1.yml b/rules/go/lang/weak_hash_sha1.yml new file mode 100644 index 000000000..8cfbd10e5 --- /dev/null +++ b/rules/go/lang/weak_hash_sha1.yml @@ -0,0 +1,61 @@ +imports: + - go_shared_lang_datatype +patterns: + - pattern: $.Sum($) + filters: + - variable: SHA1_INIT + detection: go_lang_weak_hash_sha1_init + scope: cursor + - either: + - variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - not: + variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - pattern: sha1.Sum($) + filters: + - either: + - variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - not: + variable: OPTIONAL_DATA_TYPE + detection: go_shared_lang_datatype + scope: result +auxiliary: + - id: go_lang_weak_hash_sha1_init + patterns: + - sha1.New() +languages: + - go +skip_data_types: + - "Unique Identifier" + - "Passwords" # see go_lang_weak_password_encryption_sha1 +metadata: + description: "Weak hashing library (SHA1) detected." + remediation_message: | + ## Description + + A weak hashing library can lead to data breaches and greater security risk. + + ## Remediations + According to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used. + + ❌ Avoid libraries and algorithms with known weaknesses: + + ```go + sha1.Sum([]byte('password')) + ``` + + ✅ Instead, we recommend using sha256: + + ```go + sha256.Sum256([]byte('string')) + ``` + cwe_id: + - 331 + - 328 + id: go_lang_weak_hash_sha1 + documentation_url: https://docs.bearer.com/reference/rules/go_lang_weak_hash_sha1 diff --git a/rules/go/lang/weak_password_encryption_md5.yml b/rules/go/lang/weak_password_encryption_md5.yml new file mode 100644 index 000000000..ca031b585 --- /dev/null +++ b/rules/go/lang/weak_password_encryption_md5.yml @@ -0,0 +1,50 @@ +imports: + - go_shared_lang_datatype +patterns: + - pattern: $.Sum($) + filters: + - variable: MD5_INIT + detection: go_lang_weak_hash_md5_init + scope: cursor + - variable: DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - pattern: md5.Sum($) + filters: + - variable: DATA_TYPE + detection: go_shared_lang_datatype + scope: result +auxiliary: + - id: go_lang_weak_hash_md5_init + patterns: + - md5.New() +languages: + - go +only_data_types: + - Passwords +metadata: + description: "Weak password encryption algorithm (MD5) used for password detected." + remediation_message: | + ## Description + + A weak hashing library can lead to data breaches and greater security risk. + + ## Remediations + According to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used. + + ❌ Do not use encryption for passwords, wherever possible: + + ```go + md5.Sum([]byte('password')) + ``` + + ✅ Instead, we recommend using sha256: + + ```go + sha256.Sum256([]byte('string')) + ``` + cwe_id: + - 331 + - 328 + id: go_lang_weak_password_encryption_md5 + documentation_url: https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_md5 diff --git a/rules/go/lang/weak_password_encryption_sha1.yml b/rules/go/lang/weak_password_encryption_sha1.yml new file mode 100644 index 000000000..edd967f74 --- /dev/null +++ b/rules/go/lang/weak_password_encryption_sha1.yml @@ -0,0 +1,50 @@ +imports: + - go_shared_lang_datatype +patterns: + - pattern: $.Sum($) + filters: + - variable: SHA1_INIT + detection: go_lang_weak_hash_sha1_init + scope: cursor + - variable: DATA_TYPE + detection: go_shared_lang_datatype + scope: result + - pattern: sha1.Sum($) + filters: + - variable: DATA_TYPE + detection: go_shared_lang_datatype + scope: result +auxiliary: + - id: go_lang_weak_hash_sha1_init + patterns: + - sha1.New() +languages: + - go +only_data_types: + - Passwords +metadata: + description: "Weak password encryption algorithm (SHA1) used for password detected." + remediation_message: | + ## Description + + A weak hashing library can lead to data breaches and greater security risk. + + ## Remediations + According to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used. + + ❌ Do not use encryption for passwords, wherever possible: + + ```go + sha1.Sum([]byte('password')) + ``` + + ✅ Instead, we recommend using sha256: + + ```go + sha256.Sum256([]byte('string')) + ``` + cwe_id: + - 331 + - 328 + id: go_lang_weak_password_encryption_sha1 + documentation_url: https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_sha1 diff --git a/rules/go/shared/lang/datatype.yml b/rules/go/shared/lang/datatype.yml new file mode 100644 index 000000000..39e120890 --- /dev/null +++ b/rules/go/shared/lang/datatype.yml @@ -0,0 +1,21 @@ +type: shared +languages: + - go +sanitizer: go_shared_lang_datatype_sanitizer +patterns: + - pattern: $ + filters: + - variable: DATA_TYPE + detection: datatype + scope: cursor_strict +auxiliary: + - id: go_shared_lang_datatype_sanitizer + # these patterns correspond to the projections in the built-in object detector + patterns: + - pattern: $.$<_> + focus: OBJECT + - pattern: $[$<_>] + focus: OBJECT +metadata: + description: "Go datatype." + id: go_shared_lang_datatype diff --git a/scripts/invoke.sh b/scripts/invoke.sh index 4266be18a..f71cb019a 100755 --- a/scripts/invoke.sh +++ b/scripts/invoke.sh @@ -16,7 +16,10 @@ cp -R $test_location $tmp_location if [ -n "$BEARER_WORKSPACE" ]; then cd $BEARER_WORKSPACE - BEARER_PYTHON_ENABLED=true BEARER_PHP_ENABLED=true go run ./cmd/bearer/main.go scan $tmp_location \ + BEARER_GOLANG_ENABLED=true \ + BEARER_PYTHON_ENABLED=true \ + BEARER_PHP_ENABLED=true \ + go run ./cmd/bearer/main.go scan $tmp_location \ --only-rule=$rule_id \ --quiet \ --disable-default-rules=true \ @@ -32,8 +35,9 @@ else --rm \ -v /tmp/bearer-scan:/tmp/bearer-scan \ -v $rule_loc:/tmp/rules \ - -e BEARER_PYTHON_ENABLED=true \ -e BEARER_PHP_ENABLED=true \ + -e BEARER_PYTHON_ENABLED=true \ + -e BEARER_GOLANG_ENABLED=true \ bearer/bearer:$BEARER_VERSION \ scan $tmp_location \ --only-rule=$rule_id \ diff --git a/tests/go/lang/logger/__snapshots__/test.js.snap b/tests/go/lang/logger/__snapshots__/test.js.snap new file mode 100644 index 000000000..4753086e0 --- /dev/null +++ b/tests/go/lang/logger/__snapshots__/test.js.snap @@ -0,0 +1,182 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`go_lang_logger bad 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "209", + "532" + ], + "id": "go_lang_logger", + "title": "Sensitive data in a logger message detected.", + "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger", + "line_number": 20, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "14124881-6b92-4fc5-8005-ea7c1c09592e", + "name": "Fullname" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 20, + "end": 20, + "column": { + "start": 3, + "end": 7 + } + }, + "sink": { + "start": 29, + "end": 29, + "column": { + "start": 2, + "end": 23 + }, + "content": "log.Error().Msg(user)" + }, + "parent_line_number": 29, + "snippet": "log.Error().Msg(user)", + "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_0", + "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_0", + "code_extract": "\\tlog.Error().Msg(user) // expect detection" + }, + { + "cwe_ids": [ + "209", + "532" + ], + "id": "go_lang_logger", + "title": "Sensitive data in a logger message detected.", + "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger", + "line_number": 21, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "94007e1e-57d8-43e8-90f2-246236dc5dde", + "name": "Gender" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 21, + "end": 21, + "column": { + "start": 3, + "end": 9 + } + }, + "sink": { + "start": 29, + "end": 29, + "column": { + "start": 2, + "end": 23 + }, + "content": "log.Error().Msg(user)" + }, + "parent_line_number": 29, + "snippet": "log.Error().Msg(user)", + "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_1", + "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_1", + "code_extract": "\\tlog.Error().Msg(user) // expect detection" + }, + { + "cwe_ids": [ + "209", + "532" + ], + "id": "go_lang_logger", + "title": "Sensitive data in a logger message detected.", + "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger", + "line_number": 24, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "14124881-6b92-4fc5-8005-ea7c1c09592e", + "name": "Fullname" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 24, + "end": 24, + "column": { + "start": 10, + "end": 19 + } + }, + "sink": { + "start": 27, + "end": 27, + "column": { + "start": 2, + "end": 23 + }, + "content": "log.Error().Msg(name)" + }, + "parent_line_number": 27, + "snippet": "log.Error().Msg(name)", + "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_2", + "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_2", + "code_extract": "\\tlog.Error().Msg(name) // expect detection" + }, + { + "cwe_ids": [ + "209", + "532" + ], + "id": "go_lang_logger", + "title": "Sensitive data in a logger message detected.", + "description": "## Description\\n\\nLeaking sensitive data to loggers is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to loggers.\\n\\n## Remediations\\n\\n❌ Avoid using sensitive data in logger messages:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.email}'\\")\\n\`\`\`\\n\\n✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:\\n\\n\`\`\`go\\nlogger.info(f\\"User is: '{user.uuid}'\\")\\n\`\`\`\\n\\n## Resources\\n- [OWASP logging cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_logger", + "line_number": 25, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "14124881-6b92-4fc5-8005-ea7c1c09592e", + "name": "Fullname" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 25, + "end": 25, + "column": { + "start": 14, + "end": 27 + } + }, + "sink": { + "start": 28, + "end": 28, + "column": { + "start": 2, + "end": 24 + }, + "content": "log.Error().Msg(other)" + }, + "parent_line_number": 28, + "snippet": "log.Error().Msg(other)", + "fingerprint": "3d34def450156dc98ba7c995e89bc3dd_3", + "old_fingerprint": "1a0df3e5fa545e7c7c38ca47ea248bbd_3", + "code_extract": "\\tlog.Error().Msg(other) // expect detection" + } + ] +}" +`; + +exports[`go_lang_logger ok 1`] = `"{}"`; diff --git a/tests/go/lang/logger/test.js b/tests/go/lang/logger/test.js new file mode 100644 index 000000000..7ac9f6082 --- /dev/null +++ b/tests/go/lang/logger/test.js @@ -0,0 +1,16 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + test("bad", () => { + const testCase = "bad.go" + expect(invoke(testCase)).toMatchSnapshot() + }) + + test("ok", () => { + const testCase = "ok.go" + expect(invoke(testCase)).toMatchSnapshot() + }) +}) diff --git a/tests/go/lang/logger/testdata/bad.go b/tests/go/lang/logger/testdata/bad.go new file mode 100644 index 000000000..fd1f45349 --- /dev/null +++ b/tests/go/lang/logger/testdata/bad.go @@ -0,0 +1,30 @@ +package main3 + +import "github.com/rs/zerolog/log" + +// var a, b string + +type User struct { + Name string + Uuid string + Gender string +} + +func (x User) FullName() (string, error) { + return "[" + x.Gender + "] " + x.Name, nil +} + +func main() { + user := User{ + Uuid: "123", + Name: "foo", + Gender: nil, + } + + name := user.Name + other, _ := user.FullName() + + log.Error().Msg(name) // expect detection + log.Error().Msg(other) // expect detection + log.Error().Msg(user) // expect detection +} diff --git a/tests/go/lang/logger/testdata/ok.go b/tests/go/lang/logger/testdata/ok.go new file mode 100644 index 000000000..d0a978200 --- /dev/null +++ b/tests/go/lang/logger/testdata/ok.go @@ -0,0 +1,27 @@ +package main3 + +import "github.com/rs/zerolog/log" + +// var a, b string + +type User struct { + Name string + Uuid string + Gender string +} + +func (x User) FullName() (string, error) { + return "[" + x.Gender + "] " + x.Name, nil +} + +func main() { + user := User{ + Uuid: "123", + Name: "foo", + Gender: nil, + } + + uuid := user.Uuid + + log.Error().Msg(uuid) // ok +} diff --git a/tests/go/lang/weak_hash_md5/__snapshots__/test.js.snap b/tests/go/lang/weak_hash_md5/__snapshots__/test.js.snap new file mode 100644 index 000000000..846d2ae9f --- /dev/null +++ b/tests/go/lang/weak_hash_md5/__snapshots__/test.js.snap @@ -0,0 +1,96 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`go_lang_weak_hash_md5 bad 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_hash_md5", + "title": "Weak hashing library (MD5) detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`go\\nmd5.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_hash_md5", + "line_number": 16, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "c3119d43-0562-48ac-9a8e-7217aa8686b8", + "name": "Date of birth" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 16, + "end": 16, + "column": { + "start": 25, + "end": 41 + } + }, + "sink": { + "start": 16, + "end": 16, + "column": { + "start": 19, + "end": 42 + }, + "content": "h.Sum(user.DateOfBirth)" + }, + "parent_line_number": 16, + "snippet": "h.Sum(user.DateOfBirth)", + "fingerprint": "79a4122deea7184e6d36e21044c8e451_0", + "old_fingerprint": "81e278a461bec6b2a2ac8de1ee9c58dd_0", + "code_extract": "\\tfmt.Printf(\\"%x\\", h.Sum(user.DateOfBirth))" + }, + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_hash_md5", + "title": "Weak hashing library (MD5) detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`go\\nmd5.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_hash_md5", + "line_number": 18, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "c3119d43-0562-48ac-9a8e-7217aa8686b8", + "name": "Date of birth" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 18, + "end": 18, + "column": { + "start": 17, + "end": 33 + } + }, + "sink": { + "start": 19, + "end": 19, + "column": { + "start": 19, + "end": 32 + }, + "content": "md5.Sum(data)" + }, + "parent_line_number": 19, + "snippet": "md5.Sum(data)", + "fingerprint": "79a4122deea7184e6d36e21044c8e451_1", + "old_fingerprint": "81e278a461bec6b2a2ac8de1ee9c58dd_1", + "code_extract": "\\tfmt.Printf(\\"%x\\", md5.Sum(data))" + } + ] +}" +`; + +exports[`go_lang_weak_hash_md5 ok 1`] = `"{}"`; diff --git a/tests/go/lang/weak_hash_md5/test.js b/tests/go/lang/weak_hash_md5/test.js new file mode 100644 index 000000000..7ac9f6082 --- /dev/null +++ b/tests/go/lang/weak_hash_md5/test.js @@ -0,0 +1,16 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + test("bad", () => { + const testCase = "bad.go" + expect(invoke(testCase)).toMatchSnapshot() + }) + + test("ok", () => { + const testCase = "ok.go" + expect(invoke(testCase)).toMatchSnapshot() + }) +}) diff --git a/tests/go/lang/weak_hash_md5/testdata/bad.go b/tests/go/lang/weak_hash_md5/testdata/bad.go new file mode 100644 index 000000000..070f84733 --- /dev/null +++ b/tests/go/lang/weak_hash_md5/testdata/bad.go @@ -0,0 +1,20 @@ +import ( + "crypto/md5" + "fmt" +) + +type User struct { + DateOfBirth string +} + +func main() { + h := md5.New() + user := User{ + DateOfBirth: "01/01/1970" + } + + fmt.Printf("%x", h.Sum(user.DateOfBirth)) + + data := []byte(user.DateOfBirth) + fmt.Printf("%x", md5.Sum(data)) +} diff --git a/tests/go/lang/weak_hash_md5/testdata/ok.go b/tests/go/lang/weak_hash_md5/testdata/ok.go new file mode 100644 index 000000000..bff14b168 --- /dev/null +++ b/tests/go/lang/weak_hash_md5/testdata/ok.go @@ -0,0 +1,19 @@ +import ( + "crypto/sha256" + "fmt" +) + +type User struct { + DateOfBirth string +} + +func main() { + h := sha256.New() + user := User{ + DateOfBirth: "01/01/1970" + } + fmt.Printf("%x", h.Sum256("string")) + + data := []byte("string") + fmt.Printf("%x", sha256.Sum256(data)) +} diff --git a/tests/go/lang/weak_hash_sha1/__snapshots__/test.js.snap b/tests/go/lang/weak_hash_sha1/__snapshots__/test.js.snap new file mode 100644 index 000000000..b9a047ef5 --- /dev/null +++ b/tests/go/lang/weak_hash_sha1/__snapshots__/test.js.snap @@ -0,0 +1,96 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`go_lang_weak_hash_sha1 bad 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA1) detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`go\\nsha1.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_hash_sha1", + "line_number": 15, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "c3119d43-0562-48ac-9a8e-7217aa8686b8", + "name": "Date of birth" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 15, + "end": 15, + "column": { + "start": 25, + "end": 41 + } + }, + "sink": { + "start": 15, + "end": 15, + "column": { + "start": 19, + "end": 42 + }, + "content": "h.Sum(user.DateOfBirth)" + }, + "parent_line_number": 15, + "snippet": "h.Sum(user.DateOfBirth)", + "fingerprint": "8064968ec84108c320d731bc0446fd64_0", + "old_fingerprint": "1cba67569f7a8d5e014e0bd2e100fd27_0", + "code_extract": "\\tfmt.Printf(\\"%x\\", h.Sum(user.DateOfBirth))" + }, + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_hash_sha1", + "title": "Weak hashing library (SHA1) detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Avoid libraries and algorithms with known weaknesses:\\n\\n\`\`\`go\\nsha1.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_hash_sha1", + "line_number": 17, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "c3119d43-0562-48ac-9a8e-7217aa8686b8", + "name": "Date of birth" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 17, + "end": 17, + "column": { + "start": 17, + "end": 33 + } + }, + "sink": { + "start": 18, + "end": 18, + "column": { + "start": 19, + "end": 33 + }, + "content": "sha1.Sum(data)" + }, + "parent_line_number": 18, + "snippet": "sha1.Sum(data)", + "fingerprint": "8064968ec84108c320d731bc0446fd64_1", + "old_fingerprint": "1cba67569f7a8d5e014e0bd2e100fd27_1", + "code_extract": "\\tfmt.Printf(\\"%x\\", sha1.Sum(data))" + } + ] +}" +`; + +exports[`go_lang_weak_hash_sha1 ok 1`] = `"{}"`; diff --git a/tests/go/lang/weak_hash_sha1/test.js b/tests/go/lang/weak_hash_sha1/test.js new file mode 100644 index 000000000..7ac9f6082 --- /dev/null +++ b/tests/go/lang/weak_hash_sha1/test.js @@ -0,0 +1,16 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + test("bad", () => { + const testCase = "bad.go" + expect(invoke(testCase)).toMatchSnapshot() + }) + + test("ok", () => { + const testCase = "ok.go" + expect(invoke(testCase)).toMatchSnapshot() + }) +}) diff --git a/tests/go/lang/weak_hash_sha1/testdata/bad.go b/tests/go/lang/weak_hash_sha1/testdata/bad.go new file mode 100644 index 000000000..b4c98c2f6 --- /dev/null +++ b/tests/go/lang/weak_hash_sha1/testdata/bad.go @@ -0,0 +1,19 @@ +import ( + "crypto/sha1" + "fmt" +) + +type User struct { + DateOfBirth string +} + +func main() { + h := sha1.New() + user := User{ + DateOfBirth: "01/01/1970" + } + fmt.Printf("%x", h.Sum(user.DateOfBirth)) + + data := []byte(user.DateOfBirth) + fmt.Printf("%x", sha1.Sum(data)) +} diff --git a/tests/go/lang/weak_hash_sha1/testdata/ok.go b/tests/go/lang/weak_hash_sha1/testdata/ok.go new file mode 100644 index 000000000..5699e13d8 --- /dev/null +++ b/tests/go/lang/weak_hash_sha1/testdata/ok.go @@ -0,0 +1,19 @@ +import ( + "crypto/sha256" + "fmt" +) + +type User struct { + DateOfBirth string +} + +func main() { + h := sha256.New() + user := User{ + DateOfBirth: "01/01/1970" + } + fmt.Printf("%x", h.Sum256(user.DateOfBirth)) + + data := []byte(user.DateOfBirth) + fmt.Printf("%x", sha256.Sum256(data)) +} diff --git a/tests/go/lang/weak_password_encryption_md5/__snapshots__/test.js.snap b/tests/go/lang/weak_password_encryption_md5/__snapshots__/test.js.snap new file mode 100644 index 000000000..afe71a0ef --- /dev/null +++ b/tests/go/lang/weak_password_encryption_md5/__snapshots__/test.js.snap @@ -0,0 +1,96 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`go_lang_weak_password_encryption_md5 bad 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_password_encryption_md5", + "title": "Weak password encryption algorithm (MD5) used for password detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Do not use encryption for passwords, wherever possible:\\n\\n\`\`\`go\\nmd5.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_md5", + "line_number": 14, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 14, + "end": 14, + "column": { + "start": 25, + "end": 38 + } + }, + "sink": { + "start": 14, + "end": 14, + "column": { + "start": 19, + "end": 39 + }, + "content": "h.Sum(user.Password)" + }, + "parent_line_number": 14, + "snippet": "h.Sum(user.Password)", + "fingerprint": "c181a29e00531b207a344668c29973b5_0", + "old_fingerprint": "93f22ebb23ebb8c2336ce6979778d629_0", + "code_extract": "\\tfmt.Printf(\\"%x\\", h.Sum(user.Password))" + }, + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_password_encryption_md5", + "title": "Weak password encryption algorithm (MD5) used for password detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Do not use encryption for passwords, wherever possible:\\n\\n\`\`\`go\\nmd5.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_md5", + "line_number": 16, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 16, + "end": 16, + "column": { + "start": 17, + "end": 30 + } + }, + "sink": { + "start": 17, + "end": 17, + "column": { + "start": 19, + "end": 32 + }, + "content": "md5.Sum(data)" + }, + "parent_line_number": 17, + "snippet": "md5.Sum(data)", + "fingerprint": "c181a29e00531b207a344668c29973b5_1", + "old_fingerprint": "93f22ebb23ebb8c2336ce6979778d629_1", + "code_extract": "\\tfmt.Printf(\\"%x\\", md5.Sum(data))" + } + ] +}" +`; + +exports[`go_lang_weak_password_encryption_md5 ok 1`] = `"{}"`; diff --git a/tests/go/lang/weak_password_encryption_md5/test.js b/tests/go/lang/weak_password_encryption_md5/test.js new file mode 100644 index 000000000..7ac9f6082 --- /dev/null +++ b/tests/go/lang/weak_password_encryption_md5/test.js @@ -0,0 +1,16 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + test("bad", () => { + const testCase = "bad.go" + expect(invoke(testCase)).toMatchSnapshot() + }) + + test("ok", () => { + const testCase = "ok.go" + expect(invoke(testCase)).toMatchSnapshot() + }) +}) diff --git a/tests/go/lang/weak_password_encryption_md5/testdata/bad.go b/tests/go/lang/weak_password_encryption_md5/testdata/bad.go new file mode 100644 index 000000000..2e96d525f --- /dev/null +++ b/tests/go/lang/weak_password_encryption_md5/testdata/bad.go @@ -0,0 +1,19 @@ +import ( + "crypto/md5" + "fmt" +) + +type User struct { + Gender string + DateOfBirth string + Password string +} + +func Authenticate(password string) { + h := md5.New() + fmt.Printf("%x", h.Sum(user.Password)) + + data := []byte(user.Password) + fmt.Printf("%x", md5.Sum(data)) +} + diff --git a/tests/go/lang/weak_password_encryption_md5/testdata/ok.go b/tests/go/lang/weak_password_encryption_md5/testdata/ok.go new file mode 100644 index 000000000..2fe93e76a --- /dev/null +++ b/tests/go/lang/weak_password_encryption_md5/testdata/ok.go @@ -0,0 +1,23 @@ +import ( + "crypto/md5" + "fmt" +) + +type User struct { + Name string + Gender string + DateOfBirth string + Password string +} + +func Authenticate(user User) { + h := sha256.New() + fmt.Printf("%x", h.Sum256(user.Password)) + + data := []byte(user.Password) + fmt.Printf("%x", sha256.Sum256(data)) + + data2 := []byte(user.Name) + fmt.Printf("%x", md5.Sum(data2)) +} + diff --git a/tests/go/lang/weak_password_encryption_sha1/__snapshots__/test.js.snap b/tests/go/lang/weak_password_encryption_sha1/__snapshots__/test.js.snap new file mode 100644 index 000000000..49798eed0 --- /dev/null +++ b/tests/go/lang/weak_password_encryption_sha1/__snapshots__/test.js.snap @@ -0,0 +1,96 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`go_lang_weak_password_encryption_sha1 bad 1`] = ` +"{ + "high": [ + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_password_encryption_sha1", + "title": "Weak password encryption algorithm (SHA1) used for password detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Do not use encryption for passwords, wherever possible:\\n\\n\`\`\`go\\nsha1.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_sha1", + "line_number": 14, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 14, + "end": 14, + "column": { + "start": 25, + "end": 38 + } + }, + "sink": { + "start": 14, + "end": 14, + "column": { + "start": 19, + "end": 39 + }, + "content": "h.Sum(user.Password)" + }, + "parent_line_number": 14, + "snippet": "h.Sum(user.Password)", + "fingerprint": "d2bf48a480ce27df38fcb27b6bd76b47_0", + "old_fingerprint": "1353d706a4f9e7cb2dc48170b5f97477_0", + "code_extract": "\\tfmt.Printf(\\"%x\\", h.Sum(user.Password))" + }, + { + "cwe_ids": [ + "331", + "328" + ], + "id": "go_lang_weak_password_encryption_sha1", + "title": "Weak password encryption algorithm (SHA1) used for password detected.", + "description": "## Description\\n\\nA weak hashing library can lead to data breaches and greater security risk.\\n\\n## Remediations\\nAccording to [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption), MD5 and its predecessors are considered weak hash algorithms and therefore shouldn't be used.\\n\\n❌ Do not use encryption for passwords, wherever possible:\\n\\n\`\`\`go\\nsha1.Sum([]byte('password'))\\n\`\`\`\\n\\n✅ Instead, we recommend using sha256:\\n\\n\`\`\`go\\nsha256.Sum256([]byte('string'))\\n\`\`\`\\n", + "documentation_url": "https://docs.bearer.com/reference/rules/go_lang_weak_password_encryption_sha1", + "line_number": 16, + "full_filename": "/tmp/bearer-scan/bad.go", + "filename": ".", + "data_type": { + "category_uuid": "dd88aee5-9d40-4ad2-8983-0c791ddec47c", + "name": "Passwords" + }, + "category_groups": [ + "PII", + "Personal Data" + ], + "source": { + "start": 16, + "end": 16, + "column": { + "start": 17, + "end": 30 + } + }, + "sink": { + "start": 17, + "end": 17, + "column": { + "start": 19, + "end": 33 + }, + "content": "sha1.Sum(data)" + }, + "parent_line_number": 17, + "snippet": "sha1.Sum(data)", + "fingerprint": "d2bf48a480ce27df38fcb27b6bd76b47_1", + "old_fingerprint": "1353d706a4f9e7cb2dc48170b5f97477_1", + "code_extract": "\\tfmt.Printf(\\"%x\\", sha1.Sum(data))" + } + ] +}" +`; + +exports[`go_lang_weak_password_encryption_sha1 ok 1`] = `"{}"`; diff --git a/tests/go/lang/weak_password_encryption_sha1/test.js b/tests/go/lang/weak_password_encryption_sha1/test.js new file mode 100644 index 000000000..7ac9f6082 --- /dev/null +++ b/tests/go/lang/weak_password_encryption_sha1/test.js @@ -0,0 +1,16 @@ +const { createInvoker, getEnvironment } = require("../../../helper.js") +const { ruleId, ruleFile, testBase } = getEnvironment(__dirname) + +describe(ruleId, () => { + const invoke = createInvoker(ruleId, ruleFile, testBase) + + test("bad", () => { + const testCase = "bad.go" + expect(invoke(testCase)).toMatchSnapshot() + }) + + test("ok", () => { + const testCase = "ok.go" + expect(invoke(testCase)).toMatchSnapshot() + }) +}) diff --git a/tests/go/lang/weak_password_encryption_sha1/testdata/bad.go b/tests/go/lang/weak_password_encryption_sha1/testdata/bad.go new file mode 100644 index 000000000..bcd1923ce --- /dev/null +++ b/tests/go/lang/weak_password_encryption_sha1/testdata/bad.go @@ -0,0 +1,19 @@ +import ( + "crypto/sha1" + "fmt" +) + +type User struct { + Gender string + DateOfBirth string + Password string +} + +func Authenticate(user User) { + h := sha1.New() + fmt.Printf("%x", h.Sum(user.Password)) + + data := []byte(user.Password) + fmt.Printf("%x", sha1.Sum(data)) +} + diff --git a/tests/go/lang/weak_password_encryption_sha1/testdata/ok.go b/tests/go/lang/weak_password_encryption_sha1/testdata/ok.go new file mode 100644 index 000000000..278a01842 --- /dev/null +++ b/tests/go/lang/weak_password_encryption_sha1/testdata/ok.go @@ -0,0 +1,23 @@ +import ( + "crypto/sha1" + "crypto/sha256" + "fmt" +) + +type User struct { + Name string + Gender string + DateOfBirth string + Password string +} + +func Authenticate(user User) { + h := sha256.New() + fmt.Printf("%x", h.Sum256(user.Password)) + + data := []byte(user.Password) + fmt.Printf("%x", sha256.Sum256(data)) + + data2 := []byte(user.Name) + fmt.Printf("%x", sha1.Sum(data2)) +}