@@ -853,6 +853,7 @@ linters-settings:
853853 - G112 # Potential slowloris attack
854854 - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
855855 - G114 # Use of net/http serve function that has no support for setting timeouts
856+ - G115 # Potential integer overflow when converting between integer types
856857 - G201 # SQL query construction using format string
857858 - G202 # SQL query construction using string concatenation
858859 - G203 # Use of unescaped data in HTML templates
@@ -864,16 +865,21 @@ linters-settings:
864865 - G305 # File traversal when extracting zip/tar archive
865866 - G306 # Poor file permissions used when writing to a new file
866867 - G307 # Poor file permissions used when creating a file with os.Create
867- - G401 # Detect the usage of DES, RC4, MD5 or SHA1
868+ - G401 # Detect the usage of MD5 or SHA1
868869 - G402 # Look for bad TLS connection settings
869870 - G403 # Ensure minimum RSA key length of 2048 bits
870871 - G404 # Insecure random number source (rand)
872+ - G405 # Detect the usage of DES or RC4
873+ - G406 # Detect the usage of MD4 or RIPEMD160
871874 - G501 # Import blocklist: crypto/md5
872875 - G502 # Import blocklist: crypto/des
873876 - G503 # Import blocklist: crypto/rc4
874877 - G504 # Import blocklist: net/http/cgi
875878 - G505 # Import blocklist: crypto/sha1
879+ - G506 # Import blocklist: golang.org/x/crypto/md4
880+ - G507 # Import blocklist: golang.org/x/crypto/ripemd160
876881 - G601 # Implicit memory aliasing of items from a range statement
882+ - G602 # Slice access out of bounds
877883
878884 # To specify a set of rules to explicitly exclude.
879885 # Available rules: https://github.com/securego/gosec#available-rules
@@ -892,6 +898,7 @@ linters-settings:
892898 - G112 # Potential slowloris attack
893899 - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
894900 - G114 # Use of net/http serve function that has no support for setting timeouts
901+ - G115 # Potential integer overflow when converting between integer types
895902 - G201 # SQL query construction using format string
896903 - G202 # SQL query construction using string concatenation
897904 - G203 # Use of unescaped data in HTML templates
@@ -903,16 +910,21 @@ linters-settings:
903910 - G305 # File traversal when extracting zip/tar archive
904911 - G306 # Poor file permissions used when writing to a new file
905912 - G307 # Poor file permissions used when creating a file with os.Create
906- - G401 # Detect the usage of DES, RC4, MD5 or SHA1
913+ - G401 # Detect the usage of MD5 or SHA1
907914 - G402 # Look for bad TLS connection settings
908915 - G403 # Ensure minimum RSA key length of 2048 bits
909916 - G404 # Insecure random number source (rand)
917+ - G405 # Detect the usage of DES or RC4
918+ - G406 # Detect the usage of MD4 or RIPEMD160
910919 - G501 # Import blocklist: crypto/md5
911920 - G502 # Import blocklist: crypto/des
912921 - G503 # Import blocklist: crypto/rc4
913922 - G504 # Import blocklist: net/http/cgi
914923 - G505 # Import blocklist: crypto/sha1
924+ - G506 # Import blocklist: golang.org/x/crypto/md4
925+ - G507 # Import blocklist: golang.org/x/crypto/ripemd160
915926 - G601 # Implicit memory aliasing of items from a range statement
927+ - G602 # Slice access out of bounds
916928
917929 # Exclude generated files
918930 # Default: false
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments