Infrastructure/imageproxy
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2024-12-16 21:56:43 -05:00
Code Issues Activity

lint: explain hash alg exclusion better

Browse source
This commit is contained in:
Will Norris 2022-01-22 10:29:05 -08:00
parent 13bafdbf9e
commit ef8aec77a9
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.golangci.yml
View file

@ -13,12 +13,12 @@ linters:
issues: issues:
exclude-rules: exclude-rules:
# Some cache implementations use md5 hashes for cached filenames. There is # Some cache implementations use md5 hashes for cached filenames. There is
# a slight risk of cache poisoning if an attacker could construct a URL # a slight risk of cache poisoning if an attacker could construct a URL
# with the same hash, but it would also need to be allowed by the proxies # with the same hash, but the URL would also need to be allowed by the
# security settings. Changing these to a more secure hash algorithm would # proxy's security settings (host allowlist, URL signature, etc). Changing
# result in 100% cache misses when users upgrade. For now, just leave these # these to a more secure hash algorithm would result in 100% cache misses
# alone. # when users upgrade. For now, just leave these alone.
- path: internal/.*cache - path: internal/.*cache
linters: gosec linters: gosec
text: G(401|501) text: G(401|501)