Create rule S5547: Cipher algorithms should be robust (#4652)

* Add go to rule S5547 * Add description for S5547 for Go --------- Co-authored-by: daniel-teuchert-sonarsource <[email protected]> Co-authored-by: Daniel Teuchert <[email protected]>
SonarSource · Feb 10, 2025 · 162d5ba · 162d5ba
1 parent 19b9e22
commit 162d5ba
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 0 deletions.
diff --git a/rules/S5547/go/metadata.json b/rules/S5547/go/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S5547/go/rule.adoc b/rules/S5547/go/rule.adoc
@@ -0,0 +1,74 @@
+include::../summary.adoc[]
+
+== Why is this an issue?
+
+include::../rationale.adoc[]
+
+include::../impact.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+include::../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+import (
+	"crypto/des"
+	"crypto/rand"
+)
+
+func encrypt(message []byte, key []byte) []byte {
+    blockCipher, _ := des.NewCipher(key) // Noncompliant
+    cipherText := make([]byte, blockCipher.BlockSize())
+    blockCipher.Encrypt(cipherText, message)
+    return cipherText
+}
+----
+
+==== Compliant solution
+
+[source,go,diff-id=1,diff-type=compliant]
+----
+import (
+	"crypto/aes"
+	"crypto/rand"
+)
+
+func encrypt(message []byte, key []byte) []byte {
+    blockCipher, _ := aes.NewCipher(key)
+    cipherText := make([]byte, blockCipher.BlockSize())
+    blockCipher.Encrypt(cipherText, message)
+    return cipherText
+}
+----
+
+=== How does this work?
+
+include::../common/fix/strong-cryptography.adoc[]
+
+
+
+== Resources
+
+include::../common/resources/standards.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]
+