GORM Playground Link
https://go.dev/play/p/dKCcHIVvuht
https://github.com/go-gorm/playground/pull/1
Description
This is a SAST Coverity tool report; attaching the screenshot for further analysis and to see if the issue needs a fix.
function - mysql.BuildKeyName
details - A use of a weak hashing algorithm was detected. There exist well known ways to produce collisions on the hashes. In github.com/jinzhu/gorm.mysql.BuildKeyName(string, string, []string, string): A risky hashing function was used. This may allow an attacker to produce collisions on the hash or execute length extension attacks.
version - github.com/jinzhu/gorm v1.9.12
Comment From: github-actions[bot]
The issue has been automatically marked as stale as it is missing a playground pull request link, which is important to help others understand your issue effectively and make sure the issue hasn't been fixed on the latest master. Check out https://github.com/go-gorm/playground for details. It will be closed in 30 days if no further activity occurs. If you are asking a question, please use the Question template; most likely your question is already answered at https://github.com/go-gorm/gorm/issues or described in the documentation at https://gorm.io ✨ Search Before Asking ✨
Comment From: raghvendra-dixit
Hi @jinzhu, this is an issue which is a static analysis tool report; I thought of sharing it here to get insights into the issue and a possible discussion on fixing it. Unfortunately, in this case I do not have a Go playground to simulate it, as this is a scan report of the code base.