Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way

      Description

      Noncompliant Code Example

      CkoCrypt2 library:

      let crypt1 = CkoCrypt2()
      crypt1.CryptAlgorithm = "3des" // Noncompliant: Triple DES is vulnerable to a meet-in-the-middle attack
      
      let crypt2 = CkoCrypt2()
      crypt2.CryptAlgorithm = "blowfish" // Noncompliant: Blowfish uses a 64-bit block size, which makes it vulnerable to birthday attacks
      
      let crypt3 = CkoCrypt2()
      crypt3.CryptAlgorithm = "des" // Noncompliant: DES works with 56-bit keys, which allows attacks via exhaustive search
      
      let crypt4 = CkoCrypt2()
      crypt4.CryptAlgorithm = "rc2" // Noncompliant: RC2 is vulnerable to a related-key attack 
      
      let crypt5 = CkoCrypt2()
      crypt5.CryptAlgorithm = "arc4" // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security)
      

      BlueCryptor library:

      let cryptor1 = try Cryptor(operation: .encrypt, algorithm: .des, options: [.ecbMode], key: key, iv: []) // Noncompliant: DES works with 56-bit keys, which allows attacks via exhaustive search
      let cryptor2 = try Cryptor(operation: .encrypt, algorithm: .tripleDes, options: [.ecbMode], key: key, iv: []) // Noncompliant: Triple DES is vulnerable to a meet-in-the-middle attack
      let cryptor3 = try Cryptor(operation: .encrypt, algorithm: .rc2, options: [.ecbMode], key: key, iv: []) // Noncompliant: RC2 is vulnerable to a related-key attack
      let cryptor4 = try Cryptor(operation: .encrypt, algorithm: .blowfish, options: [.ecbMode], key: key, iv: []) // Noncompliant: Blowfish uses a 64-bit block size, which makes it vulnerable to birthday attacks
      

      Compliant Solution

      CkoCrypt2 library:

      let crypt1 = CkoCrypt2() // Compliant: by default CryptAlgorithm property value is aes
      
      let crypt2 = CkoCrypt2()
      crypt2.CryptAlgorithm = "aes" // Compliant
      

      BlueCryptor library:

      let cryptor1 = try Cryptor(operation: .encrypt, algorithm: .aes, options: [.ecbMode], key: key, iv: []) // Compliant
      let cryptor2 = try Cryptor(operation: .encrypt, algorithm: .aes128, options: [.ecbMode], key: key, iv: []) // Compliant
      let cryptor3 = try Cryptor(operation: .encrypt, algorithm: .aes192, options: [.ecbMode], key: key, iv: []) // Compliant
      let cryptor4 = try Cryptor(operation: .encrypt, algorithm: .aes256, options: [.ecbMode], key: key, iv: []) // Compliant
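
The check this rule describes can be approximated with a line-based scan of Swift source. The following is an added example, not SonarSource's rule implementation and not code from the original page; the function names, regular expressions and sample input are hypothetical. Like the rule, it looks only at the selected algorithm, so the cipher mode (the `.ecbMode` option in the examples) is out of scope.

```python
import re

# Weak algorithm names from the page's noncompliant examples, per library.
WEAK_CKO = {"3des", "blowfish", "des", "rc2", "arc4"}
WEAK_BLUE = {"des", "tripleDes", "rc2", "blowfish"}
CKO_RE = re.compile(r'\.CryptAlgorithm\s*=\s*"([^"]+)"')  # x.CryptAlgorithm = "name"
BLUE_RE = re.compile(r'\bCryptor\s*\([^)]*\balgorithm\s*:\s*\.(\w+)')  # algorithm: .name


def strip_comment(line):
    """Drop a trailing // comment, ignoring // inside string literals."""
    in_string, i = False, 0
    while i < len(line):
        if in_string and line[i] == "\\":
            i += 1  # skip the escaped character
        elif line[i] == '"':
            in_string = not in_string
        elif not in_string and line.startswith("//", i):
            return line[:i]
        i += 1
    return line


def find_weak_ciphers(source):
    """Return (line_number, library, algorithm) for each weak cipher selection."""
    findings = []
    for number, raw in enumerate(source.splitlines(), start=1):
        code = strip_comment(raw)
        for m in CKO_RE.finditer(code):
            if m.group(1).lower() in WEAK_CKO:  # case-insensitive: conservative assumption
                findings.append((number, "CkoCrypt2", m.group(1)))
        for m in BLUE_RE.finditer(code):
            if m.group(1) in WEAK_BLUE:
                findings.append((number, "BlueCryptor", m.group(1)))
    return findings


# Constructed sample input mixing the page's noncompliant and compliant forms.
SAMPLE = '''\
crypt1.CryptAlgorithm = "3des"
crypt2.CryptAlgorithm = "aes"
let c3 = try Cryptor(operation: .encrypt, algorithm: .blowfish, options: [.ecbMode], key: key, iv: [])
let c4 = try Cryptor(operation: .encrypt, algorithm: .aes256, options: [.ecbMode], key: key, iv: [])
// let old = try Cryptor(operation: .encrypt, algorithm: .des, options: [.ecbMode], key: key, iv: [])
'''

if __name__ == "__main__":
    for finding in find_weak_ciphers(SAMPLE):
        print(finding)
```

A scan like this misses algorithms passed through variables or built across several lines, which is why the rule itself belongs in an analyzer that works on the syntax tree.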
      

            People

            • Assignee:
              Unassigned
              Reporter:
              eric.therond Eric Therond