SonarPython / SONARPY-662

Rule S5542 Encryption algorithms should be used with secure mode and padding scheme

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.10
    • Component/s: Rules
    • Labels:
      None

      Description

      Implements: https://jira.sonarsource.com/browse/RSPEC-5542

      Detection pattern: exhaustive cases are in the code examples
      https://github.com/SonarSource/security-expected-issues/tree/master/python/rules/vulnerabilities/RSPEC-5542

      This rule should be triggered only when unsafe modes (see code examples) are actually used during cryptographic operations. A mode constant that is merely referenced is compliant:

      print(DES.MODE_ECB) # DES.MODE_ECB is only printed, not used in a cryptographic operation => COMPLIANT
      

      For pycryptodomex, pycryptodome and pycrypto libraries:

      # for symmetric algorithms
      DES.new(key, DES.MODE_ECB) # Noncompliant
      # ---------- ^^^^^^^^^^^^^
      
      # for asymmetric algorithm (RSA only)
      PKCS1_v1_5.new(key) # Noncompliant
      # ^^^^^^^^^
      

      For pyca library:

      tdes4 = Cipher(algorithms.TripleDES(key), modes.CBC(iv), backend=default_backend()) # Noncompliant
      # --------------------------------------- ^^^^^^^^^^^^^
      

      For pydes library:

      des1 = pyDes.des('ChangeIt') # Noncompliant
      des2 = pyDes.des('ChangeIt', pyDes.CBC, "\0\0\0\0\0\0\0\0", pad=None, padmode=pyDes.PAD_PKCS5) # Noncompliant
      des3 = pyDes.des('ChangeIt', pyDes.ECB, "\0\0\0\0\0\0\0\0", pad=None, padmode=pyDes.PAD_PKCS5) # Noncompliant
      # Every call to the pyDes.des constructor is noncompliant, regardless of the number of parameters
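
A minimal sketch of the detection pattern described above, as an added example (not SonarPython's implementation): it walks the Python AST and reports only the cases shown in this ticket, so a mode constant that is merely printed stays compliant. The sample source, the function names and the two mode sets are assumptions made for the illustration.

```python
import ast

# Constructed sample mirroring the cases above; it is parsed, never executed.
SAMPLE = """\
print(DES.MODE_ECB)
DES.new(key, DES.MODE_ECB)
AES.new(key, AES.MODE_GCM, nonce=nonce)
PKCS1_v1_5.new(key)
pyDes.des('ChangeIt')
Cipher(algorithms.TripleDES(key), modes.CBC(iv), backend=default_backend())
Cipher(algorithms.AES(key), modes.GCM(iv), backend=default_backend())
"""

# Assumption: only the unsafe values shown in this ticket, not the full rule list.
UNSAFE_MODE_CONSTANTS = {"MODE_ECB"}  # pycrypto / pycryptodome / pycryptodomex
UNSAFE_PYCA_MODES = {"CBC"}           # pyca: modes.CBC(iv)


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join([node.id] + parts[::-1])


def find_issues(source):
    """Return sorted (line, flagged expression) pairs for unsafe cipher setup."""
    issues = []
    for call in ast.walk(ast.parse(source)):
        if not isinstance(call, ast.Call):
            continue
        name = dotted(call.func).split(".")
        args = call.args + [kw.value for kw in call.keywords]
        flagged = []
        if name[-2:] in (["pyDes", "des"], ["PKCS1_v1_5", "new"]):
            flagged = [call.func]  # the constructor call itself is the issue
        elif name[-1] == "new":    # mode constant passed to X.new(...)
            flagged = [a for a in args
                       if dotted(a).split(".")[-1] in UNSAFE_MODE_CONSTANTS]
        elif name[-1] == "Cipher":  # pyca: mode object passed as an argument
            flagged = [a for a in args if isinstance(a, ast.Call)
                       and dotted(a.func).split(".")[-1] in UNSAFE_PYCA_MODES]
        issues += [(n.lineno, ast.get_source_segment(source, n)) for n in flagged]
    return sorted(issues)


if __name__ == "__main__":
    for line, expr in find_issues(SAMPLE):
        print(f"line {line}: Noncompliant: {expr}")
```

Mode constants are inspected only as arguments of a cipher constructor, which is why the `print` line produces no issue.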
      

              People

              • Assignee: Andrea Guarino (andrea.guarino)
              • Reporter: Eric Therond (eric.therond)