Improvements based on review

SonarSource · Jan 31, 2025 · 13ebf70 · 13ebf70
1 parent cf7e7f6
commit 13ebf70
Showing 1 changed file with 24 additions and 4 deletions.
diff --git a/rules/S5542/go/rule.adoc b/rules/S5542/go/rule.adoc
@@ -15,7 +15,7 @@ include::../impact.adoc[]
 
 ==== Noncompliant code example
 
-include::../common/fix/aes-noncompliant-example.adoc[]
+Example with a symmetric cipher, AES in CBC mode:
 
 [source,go,diff-id=1,diff-type=noncompliant]
 ----
@@ -40,7 +40,27 @@ func encrypt() {
 }
 ----
 
-include::../common/fix/rsa-noncompliant-example.adoc[]
+The following example shows the function `cipher.Block.Encrypt` being used directly to run AES in a self-build ECB mode:
+
+[source,go]
+----
+import (
+    "crypto/aes"
+    "crypto/rand"
+)
+func encrypt() {
+    plaintext := []byte("Exampleplaintext")
+
+    key := make([]byte, 32) 
+    rand.Read(key)
+    block, _ := aes.NewCipher(key)
+
+    ciphertext := make([]byte, len(plaintext))
+    block.Encrypt(ciphertext, plaintext) // Noncompliant
+}
+----
+
+Example with an asymetric cipher, RSA with PKCS1v15 padding:
 
 [source,go,diff-id=2,diff-type=noncompliant]
 ----
@@ -76,7 +96,7 @@ func encrypt() {
     nonce := make([]byte, 12)
     rand.Read(nonce)
 
-    aesgcm, _ := cipher.NewGCM(block) // Compliant
+    aesgcm, _ := cipher.NewGCM(block)
 
     ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
 }
@@ -95,7 +115,7 @@ func encrypt() {
     random := rand.Reader
     plaintext := []byte("Exampleplaintext")
     privateKey, _ := rsa.GenerateKey(random, 4096)
-    ciphertext, _ := rsa.EncryptOAEP(sha256.New(), random, &privateKey.PublicKey, plaintext, nil) // Compliant
+    ciphertext, _ := rsa.EncryptOAEP(sha256.New(), random, &privateKey.PublicKey, plaintext, nil)
 }
 ----