G407: requires unique nonce for Open? #1209
Comments
@expp121 please could you have a look at this? Thanks
Same issue with e.g.
@imirkin Yes, you are right that the nonce for But right now the rule just checks whether a variable is passed as a nonce argument to these functions For example, if you have a hard-coded But if you don't have the same Another example would be if I have Please tell me if I didn't correctly understand what you were trying to say! And as already mentioned... I am aware that there are other ways to generate random byte array/nonce, but they are not implemented for now! Might do something about that in the future.
OK. Perhaps "hard-coded" is unclear then? In no way is it hard-coded in my example. But it's not coming from crypto/rand -- it's coming from storage. The flow is
So when I go to decrypt, I use the nonce from storage that was randomly generated 5 years ago... the decrypt function takes these as parameters -- just one, actually, foo in my example, as they are stored concatenated.
Okay, yeah.... if you are loading it from storage, that's a different story :D. It will flag it. You are right for this!
See my comment in #1211 (comment). I had originally filed the two issues since I thought they were different, but they may well be the same. Let's not fork the conversation too much -- continue in #1211 since it seems to have more discussion?
I'm curious if there's a test case or example on how to get past the check for
is flagged.
The check is currently broken, I think it should probably be disabled until such a time as it can be reimplemented.
I agree that we should disable the rule until it gets improved.
@expp121 Did you have a chance to look at this and try to improve it?
Nope, but I might give it a look in the future.
gcm.Open takes a nonce, but it's meant to be the value passed in at Seal time, not unique. From https://pkg.go.dev/crypto/cipher#NewGCM:

However with code like gcm.Open(nil, foo[:gcm.NonceSize()], foo[gcm.NonceSize():], nil), we get a warning:

G407 (CWE-1204): Use of hardcoded IV/nonce for encryption by passing hardcoded slice/array (Confidence: HIGH, Severity: HIGH)
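
The storage flow discussed in this thread, as an added example that is not part of the original issue or of gosec: a fresh nonce from crypto/rand is used at Seal time and stored in front of the ciphertext, and Open reads that same nonce back from the blob. The helper names seal, open and newGCM and the demo key are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds an AES-GCM AEAD for the given key (hypothetical helper).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext and returns nonce||ciphertext, the blob that goes to storage.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // uniqueness matters here, at Seal time
		return nil, err
	}
	// Using nonce as dst makes Seal append ciphertext and tag after it.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open splits a stored blob and decrypts with the nonce recorded at Seal time.
func open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not for real use
	blob, _ := seal(key, []byte("secret"))
	pt, err := open(key, blob)
	fmt.Printf("%s %v\n", pt, err)
}
```

The nonce passed to Open is neither hard-coded nor freshly generated; it is whatever Seal stored, and authentication fails if it has been altered.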