gosec/testutils/g407_samples.go
Cosmin Cojocar 229cf63a09
Some checks failed
CI / test (map[go:1.22.9 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.3 golangci:latest]) (push) Has been cancelled
Security Scan / build (push) Has been cancelled
CI / coverage (push) Has been cancelled
Remove the decryption funtions/methods from G407 check
The nonce in the decryption functions/methods is typically provided and
it should not be randomnly generated.

Change-Id: Id0df0d43aecb2aadb00b9fa901bd060a43a201c5
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-11-26 10:14:30 +01:00

496 lines
11 KiB
Go

package testutils
import "github.com/securego/gosec/v2"
// SampleCodeG407 - Use of hardcoded nonce/IV
var SampleCodeG407 = []CodeSample{
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesOFB := cipher.NewOFB(block, []byte("ILoveMyNonceAlot"))
var output = make([]byte, 16)
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func encrypt(nonce []byte) {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesOFB := cipher.NewOFB(block, nonce)
var output = make([]byte, 16)
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}
func main() {
var nonce = []byte("ILoveMyNonceAlot")
encrypt(nonce)
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesOFB := cipher.NewOFB(block, []byte("ILoveMyNonceAlot")) // #nosec G407
var output = make([]byte, 16)
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}
`}, 0, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher( []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, func() []byte {
if true {
return []byte("ILoveMyNonce")
} else {
return []byte("IDont'Love..")
}
}(), []byte("My secret message"), nil) // #nosec G407
fmt.Println(string(cipherText))
cipherText, _ = aesGCM.Open(nil, func() []byte {
if true {
return []byte("ILoveMyNonce")
} else {
return []byte("IDont'Love..")
}
}(), cipherText, nil) // #nosec G407
fmt.Println(string(cipherText))
}
`}, 0, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesOFB := cipher.NewOFB(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
var output = make([]byte, 16)
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCTR := cipher.NewCTR(block, []byte("ILoveMyNonceAlot"))
var output = make([]byte, 16)
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCTR := cipher.NewCTR(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
var output = make([]byte, 16)
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, []byte("ILoveMyNonce"), []byte("My secret message"), nil)
fmt.Println(string(cipherText))
cipherText, _ = aesGCM.Open(nil, []byte("ILoveMyNonce"), cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, []byte{}, []byte("My secret message"), nil)
fmt.Println(string(cipherText))
cipherText, _ = aesGCM.Open(nil, []byte{}, cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, []byte("My secret message"), nil)
fmt.Println(string(cipherText))
cipherText, _ = aesGCM.Open(nil, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher( []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, func() []byte {
if true {
return []byte("ILoveMyNonce")
} else {
return []byte("IDont'Love..")
}
}(), []byte("My secret message"), nil)
fmt.Println(string(cipherText))
cipherText, _ = aesGCM.Open(nil, func() []byte {
if true {
return []byte("ILoveMyNonce")
} else {
return []byte("IDont'Love..")
}
}(), cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, func() []byte {
if true {
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
} else {
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
}
}(), []byte("My secret message"), nil)
fmt.Println(string(cipherText))
cipherText, _ = aesGCM.Open(nil, func() []byte {
if true {
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
} else {
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
}
}(), cipherText, nil)
fmt.Println(string(cipherText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipheredText := aesGCM.Seal(nil, func() []byte { return []byte("ILoveMyNonce") }(), []byte("My secret message"), nil)
fmt.Println(string(cipheredText))
cipheredText, _ = aesGCM.Open(nil, func() []byte { return []byte("ILoveMyNonce") }(), cipheredText, nil)
fmt.Println(string(cipheredText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipheredText := aesGCM.Seal(nil, func() []byte { return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} }(), []byte("My secret message"), nil)
fmt.Println(string(cipheredText))
cipheredText, _ = aesGCM.Open(nil, func() []byte { return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} }(), cipheredText, nil)
fmt.Println(string(cipheredText))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCFB := cipher.NewCFBEncrypter(block, []byte("ILoveMyNonceAlot"))
var output = make([]byte, 16)
aesCFB.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
aesCFB = cipher.NewCFBDecrypter(block, []byte("ILoveMyNonceAlot"))
aesCFB.XORKeyStream(output, output)
fmt.Println(string(output))
}`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCFB := cipher.NewCFBEncrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
var output = make([]byte, 16)
aesCFB.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
aesCFB = cipher.NewCFBDecrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCFB.XORKeyStream(output, output)
fmt.Println(string(output))
}`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCBC := cipher.NewCBCEncrypter(block, []byte("ILoveMyNonceAlot"))
var output = make([]byte, 16)
aesCBC.CryptBlocks(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
aesCBC = cipher.NewCBCDecrypter(block, []byte("ILoveMyNonceAlot"))
aesCBC.CryptBlocks(output, output)
fmt.Println(string(output))
}`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCBC := cipher.NewCBCEncrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
var output = make([]byte, 16)
aesCBC.CryptBlocks(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
aesCBC = cipher.NewCBCDecrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCBC.CryptBlocks(output, output)
fmt.Println(string(output))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
var nonce = []byte("ILoveMyNonce")
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
fmt.Println(string(aesGCM.Seal(nil, nonce, []byte("My secret message"), nil)))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
func main() {
var nonce = []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCTR := cipher.NewCTR(block, nonce)
var output = make([]byte, 16)
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}
`}, 1, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"fmt"
)
func coolFunc(size int) []byte{
buf := make([]byte, size)
rand.Read(buf)
return buf
}
func main() {
var nonce = coolFunc(16)
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesCTR := cipher.NewCTR(block, nonce)
var output = make([]byte, 16)
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
fmt.Println(string(output))
}
`}, 0, gosec.NewConfig()},
{[]string{`package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
var nonce = []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
func main() {
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
aesGCM, _ := cipher.NewGCM(block)
cipherText := aesGCM.Seal(nil, nonce, []byte("My secret message"), nil)
fmt.Println(string(cipherText))
}
`}, 1, gosec.NewConfig()},
}