Package comments and explanation why we use non-secure algorithms

grafana · Dec 7, 2023 · 1678c70 · 1678c70
1 parent 6aa2e14
commit 1678c70
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/js/modules/k6/crypto/crypto.go b/js/modules/k6/crypto/crypto.go
@@ -1,10 +1,11 @@
+// Package crypto provides common hashing function for the k6
 package crypto
 
 import (
 	"crypto/hmac"
-	"crypto/md5"
+	"crypto/md5" // #nosec G501 // MD5 is weak, but we need it for compatibility
 	"crypto/rand"
-	"crypto/sha1"
+	"crypto/sha1" // #nosec G505 // SHA1 is weak, but we need it for compatibility
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/base64"
@@ -13,8 +14,8 @@ import (
 	"fmt"
 	"hash"
 
-	"golang.org/x/crypto/md4"
-	"golang.org/x/crypto/ripemd160"
+	"golang.org/x/crypto/md4"       //nolint:staticcheck // #nosec G501 // MD4 is weak, but we need it for compatibility
+	"golang.org/x/crypto/ripemd160" // no lint:staticcheck // #nosec G501 // RIPEMD160 is weak, but we need it for compatibility
 
 	"github.com/dop251/goja"
 

diff --git a/js/modules/k6/crypto/x509/x509.go b/js/modules/k6/crypto/x509/x509.go
@@ -1,7 +1,8 @@
+// Package x509 provides X.509 certificate parsing for the k6
 package x509
 
 import (
-	"crypto/dsa"
+	"crypto/dsa" //nolint:staticcheck // #nosec G505 // DSA is weak, but we need it for compatibility
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"crypto/sha1" // #nosec G505

diff --git a/js/modules/k6/encoding/encoding.go b/js/modules/k6/encoding/encoding.go
@@ -1,3 +1,4 @@
+// Package encoding provides encoding/decoding functionality for the k6
 package encoding
 
 import (