mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 20:15:54 +00:00
229cf63a09
The nonce in the decryption functions/methods is typically provided and it should not be randomnly generated. Change-Id: Id0df0d43aecb2aadb00b9fa901bd060a43a201c5 Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
496 lines
11 KiB
Go
496 lines
11 KiB
Go
package testutils
|
|
|
|
import "github.com/securego/gosec/v2"
|
|
|
|
// SampleCodeG407 - Use of hardcoded nonce/IV
|
|
var SampleCodeG407 = []CodeSample{
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesOFB := cipher.NewOFB(block, []byte("ILoveMyNonceAlot"))
|
|
var output = make([]byte, 16)
|
|
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func encrypt(nonce []byte) {
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesOFB := cipher.NewOFB(block, nonce)
|
|
var output = make([]byte, 16)
|
|
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
}
|
|
|
|
func main() {
|
|
|
|
var nonce = []byte("ILoveMyNonceAlot")
|
|
encrypt(nonce)
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesOFB := cipher.NewOFB(block, []byte("ILoveMyNonceAlot")) // #nosec G407
|
|
var output = make([]byte, 16)
|
|
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
}
|
|
|
|
`}, 0, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher( []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
|
|
cipherText := aesGCM.Seal(nil, func() []byte {
|
|
if true {
|
|
return []byte("ILoveMyNonce")
|
|
} else {
|
|
return []byte("IDont'Love..")
|
|
}
|
|
}(), []byte("My secret message"), nil) // #nosec G407
|
|
fmt.Println(string(cipherText))
|
|
|
|
cipherText, _ = aesGCM.Open(nil, func() []byte {
|
|
if true {
|
|
return []byte("ILoveMyNonce")
|
|
} else {
|
|
return []byte("IDont'Love..")
|
|
}
|
|
}(), cipherText, nil) // #nosec G407
|
|
|
|
fmt.Println(string(cipherText))
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesOFB := cipher.NewOFB(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
var output = make([]byte, 16)
|
|
aesOFB.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
}`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCTR := cipher.NewCTR(block, []byte("ILoveMyNonceAlot"))
|
|
var output = make([]byte, 16)
|
|
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
}`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCTR := cipher.NewCTR(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
var output = make([]byte, 16)
|
|
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
|
|
cipherText := aesGCM.Seal(nil, []byte("ILoveMyNonce"), []byte("My secret message"), nil)
|
|
fmt.Println(string(cipherText))
|
|
cipherText, _ = aesGCM.Open(nil, []byte("ILoveMyNonce"), cipherText, nil)
|
|
fmt.Println(string(cipherText))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
cipherText := aesGCM.Seal(nil, []byte{}, []byte("My secret message"), nil)
|
|
fmt.Println(string(cipherText))
|
|
|
|
cipherText, _ = aesGCM.Open(nil, []byte{}, cipherText, nil)
|
|
fmt.Println(string(cipherText))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
|
|
cipherText := aesGCM.Seal(nil, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, []byte("My secret message"), nil)
|
|
fmt.Println(string(cipherText))
|
|
|
|
cipherText, _ = aesGCM.Open(nil, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, cipherText, nil)
|
|
fmt.Println(string(cipherText))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher( []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
|
|
cipherText := aesGCM.Seal(nil, func() []byte {
|
|
if true {
|
|
return []byte("ILoveMyNonce")
|
|
} else {
|
|
return []byte("IDont'Love..")
|
|
}
|
|
}(), []byte("My secret message"), nil)
|
|
fmt.Println(string(cipherText))
|
|
|
|
cipherText, _ = aesGCM.Open(nil, func() []byte {
|
|
if true {
|
|
return []byte("ILoveMyNonce")
|
|
} else {
|
|
return []byte("IDont'Love..")
|
|
}
|
|
}(), cipherText, nil)
|
|
|
|
fmt.Println(string(cipherText))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
|
|
cipherText := aesGCM.Seal(nil, func() []byte {
|
|
if true {
|
|
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
|
} else {
|
|
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
|
}
|
|
}(), []byte("My secret message"), nil)
|
|
fmt.Println(string(cipherText))
|
|
|
|
cipherText, _ = aesGCM.Open(nil, func() []byte {
|
|
if true {
|
|
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
|
} else {
|
|
return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
|
}
|
|
}(), cipherText, nil)
|
|
fmt.Println(string(cipherText))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
cipheredText := aesGCM.Seal(nil, func() []byte { return []byte("ILoveMyNonce") }(), []byte("My secret message"), nil)
|
|
fmt.Println(string(cipheredText))
|
|
cipheredText, _ = aesGCM.Open(nil, func() []byte { return []byte("ILoveMyNonce") }(), cipheredText, nil)
|
|
fmt.Println(string(cipheredText))
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
cipheredText := aesGCM.Seal(nil, func() []byte { return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} }(), []byte("My secret message"), nil)
|
|
fmt.Println(string(cipheredText))
|
|
cipheredText, _ = aesGCM.Open(nil, func() []byte { return []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} }(), cipheredText, nil)
|
|
fmt.Println(string(cipheredText))
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCFB := cipher.NewCFBEncrypter(block, []byte("ILoveMyNonceAlot"))
|
|
var output = make([]byte, 16)
|
|
aesCFB.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
aesCFB = cipher.NewCFBDecrypter(block, []byte("ILoveMyNonceAlot"))
|
|
aesCFB.XORKeyStream(output, output)
|
|
fmt.Println(string(output))
|
|
|
|
}`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCFB := cipher.NewCFBEncrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
var output = make([]byte, 16)
|
|
aesCFB.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
aesCFB = cipher.NewCFBDecrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCFB.XORKeyStream(output, output)
|
|
fmt.Println(string(output))
|
|
|
|
}`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCBC := cipher.NewCBCEncrypter(block, []byte("ILoveMyNonceAlot"))
|
|
|
|
var output = make([]byte, 16)
|
|
aesCBC.CryptBlocks(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
aesCBC = cipher.NewCBCDecrypter(block, []byte("ILoveMyNonceAlot"))
|
|
aesCBC.CryptBlocks(output, output)
|
|
fmt.Println(string(output))
|
|
|
|
}`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCBC := cipher.NewCBCEncrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
|
|
var output = make([]byte, 16)
|
|
aesCBC.CryptBlocks(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
|
|
aesCBC = cipher.NewCBCDecrypter(block, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCBC.CryptBlocks(output, output)
|
|
fmt.Println(string(output))
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
var nonce = []byte("ILoveMyNonce")
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
fmt.Println(string(aesGCM.Seal(nil, nonce, []byte("My secret message"), nil)))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
func main() {
|
|
|
|
var nonce = []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCTR := cipher.NewCTR(block, nonce)
|
|
var output = make([]byte, 16)
|
|
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"fmt"
|
|
)
|
|
|
|
func coolFunc(size int) []byte{
|
|
buf := make([]byte, size)
|
|
rand.Read(buf)
|
|
return buf
|
|
}
|
|
|
|
func main() {
|
|
|
|
var nonce = coolFunc(16)
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesCTR := cipher.NewCTR(block, nonce)
|
|
var output = make([]byte, 16)
|
|
aesCTR.XORKeyStream(output, []byte("Very Cool thing!"))
|
|
fmt.Println(string(output))
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
|
|
{[]string{`package main
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"fmt"
|
|
)
|
|
|
|
var nonce = []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
|
|
|
func main() {
|
|
|
|
block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
|
|
aesGCM, _ := cipher.NewGCM(block)
|
|
cipherText := aesGCM.Seal(nil, nonce, []byte("My secret message"), nil)
|
|
fmt.Println(string(cipherText))
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
}
|