SonarPython issue SONARPY-321

Rule S4787: Encrypting data is security-sensitive

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.16
    • Component/s: Rules
    • Labels: None

      Description

      • pyca/cryptography
        cryptography.fernet.Fernet() # Questionable
        cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305() # Questionable
        cryptography.hazmat.primitives.ciphers.aead.AESGCM()  # Questionable
        cryptography.hazmat.primitives.ciphers.aead.AESCCM() # Questionable
        
        cryptography.hazmat.primitives.asymmetric.dh.generate_parameters() # Questionable; Not covered by S4426
        
        cryptography.hazmat.primitives.ciphers.Cipher()  # Questionable
        
      • pyca/pynacl
        nacl.public.Box()  # Questionable
        nacl.secret.SecretBox()  # Questionable
        
      • PyCrypto
        Crypto.Cipher.AES.new()  # Questionable
        Crypto.Cipher.DES.new() # Questionable
        Crypto.Cipher.DES3.new() # Questionable
        Crypto.Cipher.ARC2.new() # Questionable
        Crypto.Cipher.ARC4.new() # Questionable
        Crypto.Cipher.Blowfish.new() # Questionable
        Crypto.Cipher.CAST.new() # Questionable
        Crypto.Cipher.PKCS1_v1_5.new() # Questionable
        Crypto.Cipher.PKCS1_OAEP.new() # Questionable
        Crypto.Cipher.XOR.new() # Questionable
        
        Crypto.PublicKey.ElGamal.generate()  # Questionable; Not covered by S4426
        
      • Cryptodome
        Cryptodome.Cipher.AES.new() # Questionable
        Cryptodome.Cipher.ChaCha20.new() # Questionable
        Cryptodome.Cipher.DES.new() # Questionable
        Cryptodome.Cipher.DES3.new() # Questionable
        Cryptodome.Cipher.ARC2.new() # Questionable
        Cryptodome.Cipher.ARC4.new() # Questionable
        Cryptodome.Cipher.Blowfish.new() # Questionable
        Cryptodome.Cipher.CAST.new() # Questionable
        Cryptodome.Cipher.PKCS1_v1_5.new() # Questionable
        Cryptodome.Cipher.PKCS1_OAEP.new() # Questionable
        Cryptodome.Cipher.ChaCha20_Poly1305.new() # Questionable
        Cryptodome.Cipher.Salsa20.new() # Questionable
        
        Cryptodome.PublicKey.ElGamal.generate() # Questionable; Not covered by S4426
        

      POC: https://github.com/SonarSource/security-expected-issues/tree/master/python/rules/hotspots/RSPEC-4787%20Encrypting%20data%20is%20security-sensitive
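As an added illustration (not SonarSource's rule implementation), the script below shows how a hotspot rule of this kind resolves import aliases back to the fully qualified callables listed above and reports each call site. The target set is a hypothetical subset of the list, and the sample source is constructed for the demonstration.

```python
import ast

# Subset of the callables SONARPY-321 lists as "Questionable", fully qualified.
QUESTIONABLE = {
    "cryptography.fernet.Fernet",
    "cryptography.hazmat.primitives.ciphers.aead.AESGCM",
    "nacl.secret.SecretBox",
    "Crypto.Cipher.AES.new",
}

def _dotted(node):  # flatten a Name/Attribute chain into "a.b.c", else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

class HotspotFinder(ast.NodeVisitor):  # tracks import aliases so `Z()` matches X.Y
    def __init__(self):
        self.aliases = {}  # local binding -> fully qualified name
        self.hits = []     # (line number, qualified callee)
    def visit_Import(self, node):  # `import a.b.c as x` binds x -> a.b.c
        self.aliases.update({a.asname: a.name for a in node.names if a.asname})
    def visit_ImportFrom(self, node):  # `from m import n as x` binds x -> m.n
        if node.module:
            self.aliases.update({a.asname or a.name: f"{node.module}.{a.name}" for a in node.names})
    def visit_Call(self, node):
        name = _dotted(node.func)
        if name:  # resolve the leading segment through the alias table
            head, dot, rest = name.partition(".")
            full = self.aliases.get(head, head) + dot + rest
            if full in QUESTIONABLE:
                self.hits.append((node.lineno, full))
        self.generic_visit(node)

def find_hotspots(source):  # -> [(line, qualified name)] for each flagged call
    finder = HotspotFinder()
    finder.visit(ast.parse(source))
    return finder.hits

# Constructed sample: three hotspots plus one benign hashlib call.
SAMPLE = """\
from cryptography.fernet import Fernet
from Crypto.Cipher import AES as A
import nacl.secret, hashlib
f = Fernet(key)
c = A.new(k, A.MODE_GCM)
box = nacl.secret.SecretBox(k)
h = hashlib.sha256(b"x")
"""
```

Running `find_hotspots(SAMPLE)` reports lines 4, 5 and 6 with their resolved names and leaves the hashlib call alone, which is the review behaviour the hotspot list above describes.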

      People

      • Assignee: Andrea Guarino (andrea.guarino)
      • Reporter: Nicolas Harraudeau (nicolas.harraudeau)