Skip to content

Commit

Permalink
Remove the decryption funtions/methods from G407 check
Browse files Browse the repository at this point in the history
The nonce in the decryption functions/methods is typically provided and
it should not be randomnly generated.

Change-Id: Id0df0d43aecb2aadb00b9fa901bd060a43a201c5
Signed-off-by: Cosmin Cojocar <[email protected]>
  • Loading branch information
ccojocar committed Nov 26, 2024
1 parent 699cb55 commit fb516bf
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 14 deletions.
3 changes: 0 additions & 3 deletions analyzers/hardcodedNonce.go → analyzers/hardcoded_nonce.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,7 @@ func runHardCodedNonce(pass *analysis.Pass) (interface{}, error) {
// Example "Test" 3, 1 -- means the function "Test" which accepts 3 arguments, and has the nonce arg as second argument
calls := map[string][]int{
"(crypto/cipher.AEAD).Seal": {4, 1},
"(crypto/cipher.AEAD).Open": {4, 1},
"crypto/cipher.NewCBCDecrypter": {2, 1},
"crypto/cipher.NewCBCEncrypter": {2, 1},
"crypto/cipher.NewCFBDecrypter": {2, 1},
"crypto/cipher.NewCFBEncrypter": {2, 1},
"crypto/cipher.NewCTR": {2, 1},
"crypto/cipher.NewOFB": {2, 1},
Expand Down
22 changes: 11 additions & 11 deletions testutils/g407_samples.go
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ func main() {
cipherText, _ = aesGCM.Open(nil, []byte("ILoveMyNonce"), cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -193,7 +193,7 @@ func main() {
cipherText, _ = aesGCM.Open(nil, []byte{}, cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -214,7 +214,7 @@ func main() {
cipherText, _ = aesGCM.Open(nil, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand Down Expand Up @@ -248,7 +248,7 @@ func main() {
fmt.Println(string(cipherText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand Down Expand Up @@ -281,7 +281,7 @@ func main() {
}(), cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -301,7 +301,7 @@ func main() {
fmt.Println(string(cipheredText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -321,7 +321,7 @@ func main() {
fmt.Println(string(cipheredText))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -342,7 +342,7 @@ func main() {
aesCFB.XORKeyStream(output, output)
fmt.Println(string(output))
}`}, 2, gosec.NewConfig()},
}`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -363,7 +363,7 @@ func main() {
aesCFB.XORKeyStream(output, output)
fmt.Println(string(output))
}`}, 2, gosec.NewConfig()},
}`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -386,7 +386,7 @@ func main() {
aesCBC.CryptBlocks(output, output)
fmt.Println(string(output))
}`}, 2, gosec.NewConfig()},
}`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand All @@ -410,7 +410,7 @@ func main() {
fmt.Println(string(output))
}
`}, 2, gosec.NewConfig()},
`}, 1, gosec.NewConfig()},

{[]string{`package main
Expand Down

0 comments on commit fb516bf

Please sign in to comment.