[CodeScanning #129] go/weak-sensitive-data-hashing in pkg/llmproxy/executor/user_id_cache.go:48

[KooshaPari]

Source alert: https://github.com/KooshaPari/cliproxyapi-plusplus/security/code-scanning/129

Rule:

• ID: go/weak-sensitive-data-hashing
• Description: Use of a broken or weak cryptographic hashing algorithm on sensitive data
• Severity: high

Location:

• Ref: refs/heads/main
• File: pkg/llmproxy/executor/user_id_cache.go
• Line: 48

Message:
Sensitive data (password) is used in a hashing algorithm (SHA256) that is insecure for password hashing, since it is not a computationally expensive hash function.

Scope:

• Reproduce and confirm reachability
• Implement fix with tests
• Close code-scanning alert in GitHub

[KooshaPari]

Closing as resolved by current Code Scanning state. Alert #129 is no longer open in GitHub Code Scanning. If this reappears, a new alert/issue will be tracked.