Skip to content

Commit 229cf63

Browse files
ccojocarccojocar
committed
Remove the decryption funtions/methods from G407 check
The nonce in the decryption functions/methods is typically provided and it should not be randomnly generated. Change-Id: Id0df0d43aecb2aadb00b9fa901bd060a43a201c5 Signed-off-by: Cosmin Cojocar <[email protected]>
1 parent 699cb55 commit 229cf63

File tree

2 files changed

+11
-14
lines changed

2 files changed

+11
-14
lines changed

analyzers/hardcodedNonce.go renamed to analyzers/hardcoded_nonce.go

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -48,10 +48,7 @@ func runHardCodedNonce(pass *analysis.Pass) (interface{}, error) {
4848
// Example "Test" 3, 1 -- means the function "Test" which accepts 3 arguments, and has the nonce arg as second argument
4949
calls := map[string][]int{
5050
"(crypto/cipher.AEAD).Seal": {4, 1},
51-
"(crypto/cipher.AEAD).Open": {4, 1},
52-
"crypto/cipher.NewCBCDecrypter": {2, 1},
5351
"crypto/cipher.NewCBCEncrypter": {2, 1},
54-
"crypto/cipher.NewCFBDecrypter": {2, 1},
5552
"crypto/cipher.NewCFBEncrypter": {2, 1},
5653
"crypto/cipher.NewCTR": {2, 1},
5754
"crypto/cipher.NewOFB": {2, 1},

testutils/g407_samples.go

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -173,7 +173,7 @@ func main() {
173173
cipherText, _ = aesGCM.Open(nil, []byte("ILoveMyNonce"), cipherText, nil)
174174
fmt.Println(string(cipherText))
175175
}
176-
`}, 2, gosec.NewConfig()},
176+
`}, 1, gosec.NewConfig()},
177177

178178
{[]string{`package main
179179
@@ -193,7 +193,7 @@ func main() {
193193
cipherText, _ = aesGCM.Open(nil, []byte{}, cipherText, nil)
194194
fmt.Println(string(cipherText))
195195
}
196-
`}, 2, gosec.NewConfig()},
196+
`}, 1, gosec.NewConfig()},
197197

198198
{[]string{`package main
199199
@@ -214,7 +214,7 @@ func main() {
214214
cipherText, _ = aesGCM.Open(nil, []byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, cipherText, nil)
215215
fmt.Println(string(cipherText))
216216
}
217-
`}, 2, gosec.NewConfig()},
217+
`}, 1, gosec.NewConfig()},
218218

219219
{[]string{`package main
220220
@@ -248,7 +248,7 @@ func main() {
248248
249249
fmt.Println(string(cipherText))
250250
}
251-
`}, 2, gosec.NewConfig()},
251+
`}, 1, gosec.NewConfig()},
252252

253253
{[]string{`package main
254254
@@ -281,7 +281,7 @@ func main() {
281281
}(), cipherText, nil)
282282
fmt.Println(string(cipherText))
283283
}
284-
`}, 2, gosec.NewConfig()},
284+
`}, 1, gosec.NewConfig()},
285285

286286
{[]string{`package main
287287
@@ -301,7 +301,7 @@ func main() {
301301
fmt.Println(string(cipheredText))
302302
303303
}
304-
`}, 2, gosec.NewConfig()},
304+
`}, 1, gosec.NewConfig()},
305305

306306
{[]string{`package main
307307
@@ -321,7 +321,7 @@ func main() {
321321
fmt.Println(string(cipheredText))
322322
323323
}
324-
`}, 2, gosec.NewConfig()},
324+
`}, 1, gosec.NewConfig()},
325325

326326
{[]string{`package main
327327
@@ -342,7 +342,7 @@ func main() {
342342
aesCFB.XORKeyStream(output, output)
343343
fmt.Println(string(output))
344344
345-
}`}, 2, gosec.NewConfig()},
345+
}`}, 1, gosec.NewConfig()},
346346

347347
{[]string{`package main
348348
@@ -363,7 +363,7 @@ func main() {
363363
aesCFB.XORKeyStream(output, output)
364364
fmt.Println(string(output))
365365
366-
}`}, 2, gosec.NewConfig()},
366+
}`}, 1, gosec.NewConfig()},
367367

368368
{[]string{`package main
369369
@@ -386,7 +386,7 @@ func main() {
386386
aesCBC.CryptBlocks(output, output)
387387
fmt.Println(string(output))
388388
389-
}`}, 2, gosec.NewConfig()},
389+
}`}, 1, gosec.NewConfig()},
390390

391391
{[]string{`package main
392392
@@ -410,7 +410,7 @@ func main() {
410410
fmt.Println(string(output))
411411
412412
}
413-
`}, 2, gosec.NewConfig()},
413+
`}, 1, gosec.NewConfig()},
414414

415415
{[]string{`package main
416416

0 commit comments

Comments
 (0)