diff --git a/rules/S5542/go/rule.adoc b/rules/S5542/go/rule.adoc
index 7193b5561c7..3e3a223059e 100644
--- a/rules/S5542/go/rule.adoc
+++ b/rules/S5542/go/rule.adoc
@@ -1,44 +1,133 @@
-FIXME: add a description
-// If you want to factorize the description uncomment the following line and create the file.
-//include::../description.adoc[]
+include::../summary.adoc[]
 == Why is this an issue?
-FIXME: remove the unused optional headers (that are commented out)
+include::../rationale.adoc[]
-//=== What is the potential impact?
+include::../impact.adoc[]
+
+// How to fix it section
 == How to fix it
-//== How to fix it in FRAMEWORK NAME
 === Code examples
 ==== Noncompliant code example
+include::../common/fix/aes-noncompliant-example.adoc[]
+
 [source,go,diff-id=1,diff-type=noncompliant]
 ----
-FIXME
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/rand"
+)
+func encrypt() {
+ plaintext := []byte("Exampleplaintext")
+
+ key := make([]byte, 32)
+ rand.Read(key)
+ block, _ := aes.NewCipher(key)
+ iv := make([]byte, block.BlockSize())
+ rand.Read(iv)
+
+ encrypter := cipher.NewCBCEncrypter(block, iv) // Noncompliant
+
+ ciphertext := make([]byte, len(plaintext))
+ encrypter.CryptBlocks(ciphertext, plaintext)
+}
+----
+
+include::../common/fix/rsa-noncompliant-example.adoc[]
+
+[source,go,diff-id=2,diff-type=noncompliant]
+----
+import (
+ "crypto/rand"
+ "crypto/rsa"
+)
+func encrypt() {
+ random := rand.Reader
+ plaintext := []byte("Exampleplaintext")
+ privateKey, _ := rsa.GenerateKey(random, 4096)
+ ciphertext, _ := rsa.EncryptPKCS1v15(random, &privateKey.PublicKey, plaintext) // Noncompliant
+}
 ----
 ==== Compliant solution
+include::../common/fix/aes-compliant-example.adoc[]
+
 [source,go,diff-id=1,diff-type=compliant]
 ----
-FIXME
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/rand"
+)
+func encrypt() {
+ plaintext := []byte("Exampleplaintext")
+
+ key := make([]byte, 32)
+ rand.Read(key)
+ block, _ := aes.NewCipher(key)
+ nonce := make([]byte, 12)
+ rand.Read(nonce)
+
+ aesgcm, _ := cipher.NewGCM(block) // Compliant
+
+ ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
+}
+----
+
+include::../common/fix/rsa-compliant-example.adoc[]
+
+[source,go,diff-id=2,diff-type=compliant]
 ----
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/sha256"
+)
+func encrypt() {
+ random := rand.Reader
+ plaintext := []byte("Exampleplaintext")
+ privateKey, _ := rsa.GenerateKey(random, 4096)
+ ciphertext, _ := rsa.EncryptOAEP(sha256.New(), random, &privateKey.PublicKey, plaintext, nil) // Compliant
+}
+----
+
+=== How does this work?
+
+include::../common/fix/fix.adoc[]
+
+
+
+== Resources
+
+include::../common/resources/docs.adoc[]
+
+include::../common/resources/articles.adoc[]
+
+include::../common/resources/presentations.adoc[]
+
+include::../common/resources/standards.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
-//=== How does this work?
+'''
+== Implementation Specification
+(visible only on this page)
-//=== Pitfalls
+include::../message.adoc[]
-//=== Going the extra mile
+'''
+== Comments And Links
+(visible only on this page)
+include::../comments-and-links.adoc[]
-//== Resources
-//=== Documentation
-//=== Articles & blog posts
-//=== Conference presentations
-//=== Standards
-//=== External coding guidelines
-//=== Benchmarks
+endif::env-github,rspecator-view[]
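Review bot: The compliant AES-GCM example discards every error (`rand.Read(key)`, `rand.Read(nonce)`, `block, _ := aes.NewCipher(key)`, `aesgcm, _ := cipher.NewGCM(block)`), and a sample labelled Compliant is the one readers copy. On Go versions where `rand.Read` can fail, an unchecked failure would leave the key or nonce as zero bytes, which defeats the mode the rule recommends. I would have `encrypt` return an error and check each call, and size the nonce from the AEAD rather than the literal 12: `nonce := make([]byte, aesgcm.NonceSize())`. A one-line comment that the nonce must be unique per key and stored alongside the ciphertext would also help, since the example drops it. The same `_` pattern appears in both RSA examples.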