Uploaded image for project: 'SonarSwift'
  1. SonarSwift
  2. SONARSWIFT-457

Rule S4790: Using weak hashing algorithms is security-sensitive

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3
    • Component/s: Rules

      Description

      The content/implementation of S2070 should "be moved" to S4790 (the key of the rule should be updated).
      The issue message should also be updates:

      CC_MD5(data.bytes, CC_LONG(data.length), &digest) // Noncompliant {{Make sure this weak hash algorithm is not used in a sensitive context here.}}

      Hardening of ITs

      The ITs should cover the latest API of CryptoSwift:

      let bytes:Array<UInt8> = [0x01, 0x02, 0x03]
let digest1 = input.md5() // Noncompliant
let digest2 = Digest.md5(bytes) // Noncompliant

var hash = "123".md5()  // Noncompliant
hash = data.md5() // Noncompliant
hash = data.sha1() // Noncompliant
hash = data.sha224() // Compliant
hash = data.sha256() // Compliant
hash = data.sha384() // Compliant
hash = data.sha512() // Compliant

        Attachments

          Issue Links

          depends upon

          Improvement - An improvement or enhancement to an existing feature or task. SONARSWIFT-458 Deprecate S2070 in favor of S4790

          • Major - Major loss of function.
          • Closed
          implements

          Security Hotspot Detection - RSPEC-4790 Using weak hashing algorithms is security-sensitive

          • Active

            Activity

              People

              • Assignee:
                margarita.nedzelska Margarita Nedzelska
                Reporter:
                pierre-loup.tristant Pierre-Loup Tristant
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: