Calling hmac.New with unchanging hash.New

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: go-security/hmac-needs-new

Language: Go

Severity: Error

Category: Security

Description

No description found

Non-Compliant Code Examples

func main() {
    hmacKey := []byte("secret")

    h := sha256.New()
    hmacInstance := hmac.New(func() hash.Hash { return h }, hmacKey)

    var h2 hash.Hash
    hmacInstance2 := hmac.New(func() hash.Hash { return h2 }, hmacKey)

    h3 := sha512.New()
    f := func() hash.Hash { return h3 }
    hmacInstance3 := hmac.New(f, hmacKey)
}

Compliant Code Examples

func main() {
    hmacKey := []byte("secret")
    h := hmac.New(func() hash.Hash { return sha256.New() }, hmacKey)
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis
PREVIEWING: rtrieu/product-analytics-ui-changes