SonarCFamily / CPP-2320

Rule S5547: Cipher algorithms should be robust


    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.14
    • Component/s: C, C++, Rules
    • Labels: None

      Description

      The goal of this rule is to detect the use of weak cipher algorithms.
      It covers the Botan and Crypto++ libraries; OpenSSL detection logic is described below as well.

      S5547 is a new rule replacing S2278.
      Old ticket (won't fix now): https://jira.sonarsource.com/browse/CPP-2022

      Botan

      Detection logic
      Look for the following functions:

      • Botan::BlockCipher::create
      • Botan::BlockCipher::create_or_throw
      • Botan::StreamCipher::create
      • Botan::StreamCipher::create_or_throw
      • Botan::Cipher_Mode::create
      • Botan::Cipher_Mode::create_or_throw
      • Botan::get_cipher_mode

      When one of these functions is called, raise an issue if the first parameter (a string) starts with one of the following:

      • Blowfish
      • DES
      • 3DES
      • DESX
      • CAST-128
      • GOST-28147-89
      • IDEA
      • KASUMI
      • MISTY1
      • RC4
      • XTEA

      Code examples
      https://github.com/SonarSource/security-expected-issues/tree/master/cc%2B%2B/rules/vulnerabilities/RSPEC-5547/botan/examples.cpp

      Crypto++

      Detection logic

      Raise an issue when one of the following symbols (classes or namespaces) is used:

      • CryptoPP::ARC4
      • CryptoPP::MARC4
      • CryptoPP::Weak or CryptoPP::Weak1
      • CryptoPP::BlowfishEncryption
      • CryptoPP::BlowfishDecryption
      • CryptoPP::GOST
      • CryptoPP::GOSTEncryption
      • CryptoPP::GOSTDecryption
      • CryptoPP::IDEA
      • CryptoPP::IDEAEncryption
      • CryptoPP::IDEADecryption
      • CryptoPP::TEA
      • CryptoPP::TEAEncryption
      • CryptoPP::TEADecryption
      • CryptoPP::BTEA
      • CryptoPP::XTEA
      • CryptoPP::DES
      • CryptoPP::DESEncryption
      • CryptoPP::DESDecryption
      • CryptoPP::DES_EDE2
      • CryptoPP::DES_EDE2_Encryption
      • CryptoPP::DES_EDE2_Decryption
      • CryptoPP::DES_EDE3
      • CryptoPP::DES_EDE3_Encryption
      • CryptoPP::DES_EDE3_Decryption
      • CryptoPP::DES_XEX3
      • CryptoPP::DES_XEX3_Encryption
      • CryptoPP::DES_XEX3_Decryption
      • CryptoPP::RC2
      • CryptoPP::RC2Encryption
      • CryptoPP::RC2Decryption

      Code examples
      https://github.com/SonarSource/security-expected-issues/tree/master/cc%2B%2B/rules/vulnerabilities/RSPEC-5547/crypto++/examples.cpp

      OpenSSL

      Detection logic
      Look for functions whose names start with one of the following prefixes (e.g. EVP_bf_cbc, EVP_des_ede3_cbc):

      • EVP_bf
      • EVP_cast5
      • EVP_des
      • EVP_idea
      • EVP_rc4
      • EVP_rc2

      Raise an issue when one of them is called.

      Code examples
      https://github.com/SonarSource/security-expected-issues/tree/master/cc%2B%2B/rules/vulnerabilities/RSPEC-5547/openssl/examples.cpp
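The three detection rules above (Botan prefix check on the first string argument, Crypto++ symbol list, OpenSSL EVP_ prefixes), as an added textual checker that is not SonarCFamily code. It runs over a constructed C++ snippet embedded below; a real analyzer works on the AST rather than on regexes, so this only approximates the rule on single-line calls.

```python
import re

# Botan factory functions whose first (string) argument names the cipher.
BOTAN_FACTORIES = (
    "Botan::BlockCipher::create", "Botan::BlockCipher::create_or_throw",
    "Botan::StreamCipher::create", "Botan::StreamCipher::create_or_throw",
    "Botan::Cipher_Mode::create", "Botan::Cipher_Mode::create_or_throw",
    "Botan::get_cipher_mode",
)
BOTAN_WEAK_PREFIXES = ("Blowfish", "DES", "3DES", "DESX", "CAST-128",
                       "GOST-28147-89", "IDEA", "KASUMI", "MISTY1", "RC4", "XTEA")
# Crypto++ symbols (classes or namespaces) listed in the ticket.
CRYPTOPP_WEAK = (
    "ARC4", "MARC4", "Weak", "Weak1", "BlowfishEncryption", "BlowfishDecryption",
    "GOST", "GOSTEncryption", "GOSTDecryption", "IDEA", "IDEAEncryption",
    "IDEADecryption", "TEA", "TEAEncryption", "TEADecryption", "BTEA", "XTEA",
    "DES", "DESEncryption", "DESDecryption", "DES_EDE2", "DES_EDE2_Encryption",
    "DES_EDE2_Decryption", "DES_EDE3", "DES_EDE3_Encryption", "DES_EDE3_Decryption",
    "DES_XEX3", "DES_XEX3_Encryption", "DES_XEX3_Decryption",
    "RC2", "RC2Encryption", "RC2Decryption",
)
# OpenSSL EVP cipher constructors, matched by prefix (EVP_bf_cbc, EVP_des_ede3_cbc, ...).
OPENSSL_WEAK_PREFIXES = ("EVP_bf", "EVP_cast5", "EVP_des", "EVP_idea", "EVP_rc4", "EVP_rc2")

BOTAN_RE = re.compile(r"(" + "|".join(map(re.escape, BOTAN_FACTORIES)) + r')\s*\(\s*"([^"]*)"')
CRYPTOPP_RE = re.compile(r"\bCryptoPP::(" + "|".join(CRYPTOPP_WEAK) + r")\b")
OPENSSL_RE = re.compile(r"\b((?:" + "|".join(OPENSSL_WEAK_PREFIXES) + r")\w*)\s*\(")

def find_weak_ciphers(source: str) -> list:
    """Return (line number, finding) pairs for every weak-cipher use in C++ source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in BOTAN_RE.finditer(line):
            if m.group(2).startswith(BOTAN_WEAK_PREFIXES):   # prefix test from the ticket
                findings.append((lineno, "Botan:" + m.group(2)))
        for m in CRYPTOPP_RE.finditer(line):
            findings.append((lineno, "Crypto++:CryptoPP::" + m.group(1)))
        for m in OPENSSL_RE.finditer(line):
            findings.append((lineno, "OpenSSL:" + m.group(1)))
    return findings

# Constructed sample source: one noncompliant and one compliant line per library.
SAMPLE = """\
auto c1 = Botan::BlockCipher::create("DES");                                   // noncompliant
auto c2 = Botan::Cipher_Mode::create_or_throw("AES-256/GCM", Botan::ENCRYPTION); // ok
CryptoPP::CBC_Mode<CryptoPP::DES_EDE3>::Encryption e;                          // noncompliant
CryptoPP::GCM<CryptoPP::AES>::Encryption f;                                    // ok
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), nullptr, key, iv);                       // noncompliant
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), nullptr, key, iv);                  // ok
"""

if __name__ == "__main__":
    for lineno, finding in find_weak_ciphers(SAMPLE):
        print(f"line {lineno}: weak cipher {finding}")
```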

      People

      Assignee: geoffray.adde (Geoffray Adde)
      Reporter: eric.therond (Eric Therond, Inactive)