v1.14.6/tools/semgrep/ci/hmac-bytes.yml - hashicorp/vault - Git at Google

 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0

 rules:
   - id: use-hmac-equal
     patterns:
         - pattern-either:
               - pattern: |
                       $MAC = hmac.New(...)
                       ...
                       $H = $MAC.Sum(...)
                       ...
                       bytes.Equal($H, ...)
               - pattern: |
                       $MAC = hmac.New(...)
                       ...
                       $H = $MAC.Sum(...)
                       ...
                       bytes.Equal(..., $H)
     message: "Comparing a MAC with bytes.Equal()"
     languages: [go]
     severity: ERROR
	# Copyright (c) HashiCorp, Inc.
	# SPDX-License-Identifier: MPL-2.0

	rules:
	- id: use-hmac-equal
	patterns:
	- pattern-either:
	- pattern: \|
	$MAC = hmac.New(...)
	...
	$H = $MAC.Sum(...)
	...
	bytes.Equal($H, ...)
	- pattern: \|
	$MAC = hmac.New(...)
	...
	$H = $MAC.Sum(...)
	...
	bytes.Equal(..., $H)
	message: "Comparing a MAC with bytes.Equal()"
	languages: [go]
	severity: ERROR