particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gosec: G401, G501 - Weak cryptographic primitive

Browse source 
azure, koji and gcp use md5 hashes. Gosec is not happy with it, so we
create exceptions for them (G401, G501).
This commit is contained in:
Juan Abia 2021-11-29 13:53:54 +01:00 committed by Alexander Todorov
parent 5a1460a6d1
commit c8cf835db3
3 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/upload/koji/koji.go
View file

@ -2,6 +2,8 @@ package koji
import (
"bytes"
// koji uses MD5 hashes
/* #nosec G501 */
"crypto/md5"
"encoding/json"
"errors"
@ -343,6 +345,8 @@ func (k *Koji) uploadChunk(chunk []byte, filepath, filename string, offset uint6
func (k *Koji) Upload(file io.Reader, filepath, filename string) (string, uint64, error) {
chunk := make([]byte, 1024*1024) // upload a megabyte at a time
offset := uint64(0)
// Koji uses MD5 hashes
/* #nosec G401 */
hash := md5.New()
for {
n, err := file.Read(chunk)