Skip to content

Commit

Permalink
SONARGO-136: Add S5542 for Go
Browse files Browse the repository at this point in the history
  • Loading branch information
daniel-teuchert-sonarsource committed Jan 29, 2025
1 parent 1bd8c3a commit cf7e7f6
Showing 1 changed file with 107 additions and 18 deletions.
125 changes: 107 additions & 18 deletions rules/S5542/go/rule.adoc
Original file line number Diff line number Diff line change
@@ -1,44 +1,133 @@
FIXME: add a description

// If you want to factorize the description uncomment the following line and create the file.
//include::../description.adoc[]
include::../summary.adoc[]

== Why is this an issue?

FIXME: remove the unused optional headers (that are commented out)
include::../rationale.adoc[]

//=== What is the potential impact?
include::../impact.adoc[]

// How to fix it section

== How to fix it
//== How to fix it in FRAMEWORK NAME

=== Code examples

==== Noncompliant code example

include::../common/fix/aes-noncompliant-example.adoc[]

[source,go,diff-id=1,diff-type=noncompliant]
----
FIXME
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
)
func encrypt() {
plaintext := []byte("Exampleplaintext")
key := make([]byte, 32)
rand.Read(key)
block, _ := aes.NewCipher(key)
iv := make([]byte, block.BlockSize())
rand.Read(iv)
encrypter := cipher.NewCBCEncrypter(block, iv) // Noncompliant
ciphertext := make([]byte, len(plaintext))
encrypter.CryptBlocks(ciphertext, plaintext)
}
----

include::../common/fix/rsa-noncompliant-example.adoc[]

[source,go,diff-id=2,diff-type=noncompliant]
----
import (
"crypto/rand"
"crypto/rsa"
)
func encrypt() {
random := rand.Reader
plaintext := []byte("Exampleplaintext")
privateKey, _ := rsa.GenerateKey(random, 4096)
ciphertext, _ := rsa.EncryptPKCS1v15(random, &privateKey.PublicKey, plaintext) // Noncompliant
}
----

==== Compliant solution

include::../common/fix/aes-compliant-example.adoc[]

[source,go,diff-id=1,diff-type=compliant]
----
FIXME
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
)
func encrypt() {
plaintext := []byte("Exampleplaintext")
key := make([]byte, 32)
rand.Read(key)
block, _ := aes.NewCipher(key)
nonce := make([]byte, 12)
rand.Read(nonce)
aesgcm, _ := cipher.NewGCM(block) // Compliant
ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
}
----

include::../common/fix/rsa-compliant-example.adoc[]

[source,go,diff-id=2,diff-type=compliant]
----
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
)
func encrypt() {
random := rand.Reader
plaintext := []byte("Exampleplaintext")
privateKey, _ := rsa.GenerateKey(random, 4096)
ciphertext, _ := rsa.EncryptOAEP(sha256.New(), random, &privateKey.PublicKey, plaintext, nil) // Compliant
}
----

=== How does this work?

include::../common/fix/fix.adoc[]



== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/articles.adoc[]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards.adoc[]


ifdef::env-github,rspecator-view[]

//=== How does this work?
'''
== Implementation Specification
(visible only on this page)

//=== Pitfalls
include::../message.adoc[]

//=== Going the extra mile
'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

//== Resources
//=== Documentation
//=== Articles & blog posts
//=== Conference presentations
//=== Standards
//=== External coding guidelines
//=== Benchmarks
endif::env-github,rspecator-view[]

0 comments on commit cf7e7f6

Please sign in to comment.