Linter: gosec, Rule: G506 - Import blocklist: golang.org/x/crypto/md4. Should we enable it? #15801
Labels
Comments
|
I would enable it. |
|
What's the difference to rule 406 (#15800)? |
|
406 detects usages, 506 detects imports. I don't know why they are separated... |
|
I think we cannot use it if we don't import it and vice versa without triggering compiler errors or other linters. So I would say we do the one or the other not both. What do you think? |
|
It seems then that banning the import makes more sense. Although I don't see any objections to enabling both. :) |
|
See my comment in the other issue... |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use Case
This issue starts discussion about enabling:
Rule is mapped to CWE-327: Use of Weak Hash.
Expected behavior
Decision if rule should be enabled or not.
Actual behavior
For this rule no findings were found in current code.
Additional info
For this rule no additional configuration can be provided.
The text was updated successfully, but these errors were encountered: