From e3c3bb4572a1581993e8bb7040e7c0dfedf13e0c Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource
Date: Tue, 14 Jun 2022 09:10:35 +0200
Subject: [PATCH 1/7] [APPSEC-26] Add Kotlin specification
---
 rules/S6432/kotlin/highlighting.adoc | 9 ++++++
 rules/S6432/kotlin/rule.adoc | 42 ++++++++++++++++++++++------
 2 files changed, 43 insertions(+), 8 deletions(-)
 create mode 100644 rules/S6432/kotlin/highlighting.adoc
diff --git a/rules/S6432/kotlin/highlighting.adoc b/rules/S6432/kotlin/highlighting.adoc
new file mode 100644
index 00000000000..0650a81ee63
--- /dev/null
+++ b/rules/S6432/kotlin/highlighting.adoc
@@ -0,0 +1,9 @@
+=== Highlighting
+
+==== *Java Cryptographic Arquitecture*
+* Primary locations
+** javax.crypto.Cipher.init call
+
+* Secondary location
+** javax.crypto.spec.GCMParameterSpec constructor
+** nonce variable declaration
\ No newline at end of file
diff --git a/rules/S6432/kotlin/rule.adoc b/rules/S6432/kotlin/rule.adoc
index c7a3569c098..7ddccfadb20 100644
--- a/rules/S6432/kotlin/rule.adoc
+++ b/rules/S6432/kotlin/rule.adoc
@@ -1,22 +1,48 @@
-FIXME: add a description
-
-// If you want to factorize the description uncomment the following line and create the file.
-//include::../description.adoc[]
+include::../description.adoc[]
 == Noncompliant Code Example
 [source,kotlin]
 ----
-FIXME
+fun encrypt((key: ByteArray, ptxt: ByteArray)) {
+ val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // Secondary location: Static initialization vector (IV)
+
+ val gcmSpec = GCMParameterSpec(128, nonce) // Secondary location: Initialization vector (IV) configured
+ val skeySpec = SecretKeySpec(key, "AES")
+
+ val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
+ cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec) // Noncompliant
+}
 ----
 == Compliant Solution
 [source,kotlin]
 ----
-FIXME
+fun encrypt((key: ByteArray, ptxt: ByteArray)) {
+ val random: SecureRandom = SecureRandom()
+ val nonce: ByteArray = ByteArray(12)
+ random.nextBytes(nonce) // Random 96 bit IV
+
+ val gcmSpec = GCMParameterSpec(128, nonce)
+ val skeySpec = SecretKeySpec(key, "AES")
+
+ val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
+ cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec)
+}
 ----
-== See
+include::../see.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+include::../highlighting.adoc[]
-FIXME: A list of links
\ No newline at end of file
+endif::env-github,rspecator-view[]
\ No newline at end of file
From 968914891e412b609005da79866d383f138f8a71 Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource
Date: Tue, 14 Jun 2022 09:34:27 +0200
Subject: [PATCH 2/7] highlighting include fix
---
 rules/S6432/kotlin/rule.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/S6432/kotlin/rule.adoc b/rules/S6432/kotlin/rule.adoc
index 7ddccfadb20..279866718fb 100644
--- a/rules/S6432/kotlin/rule.adoc
+++ b/rules/S6432/kotlin/rule.adoc
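Review bot: The compliant solution in this hunk generates a fresh nonce but never uses `ptxt` and never returns the nonce, so the example stops short of showing the part that makes random IVs safe in practice: the nonce has to travel with the ciphertext and must never be reused under the same key. Consider finishing the function with `return nonce + cipher.doFinal(ptxt) // nonce is prepended so the receiver can decrypt` and replacing the `// Random 96 bit IV` comment with `// Random 96-bit nonce: unique per (key, message); with random nonces rotate the key well before 2^32 messages (NIST SP 800-38D)`. The same compliant snippet is touched again by the `@@ -19,7 +19,7 @@` hunk of patch 6, so whichever version lands should carry the change.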
@@ -43,6 +43,6 @@ ifdef::env-github,rspecator-view[]
 include::../message.adoc[]
-include::../highlighting.adoc[]
+include::./highlighting.adoc[]
 endif::env-github,rspecator-view[]
\ No newline at end of file
From d418d3e0bb946f3e7e2bded546fc9356342e5d6e Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource
Date: Tue, 14 Jun 2022 14:10:42 +0200
Subject: [PATCH 3/7] highlighting subtitle remove, one library coverage
---
 rules/S6432/kotlin/highlighting.adoc | 1 -
 1 file changed, 1 deletion(-)
diff --git a/rules/S6432/kotlin/highlighting.adoc b/rules/S6432/kotlin/highlighting.adoc
index 0650a81ee63..21a8408330f 100644
--- a/rules/S6432/kotlin/highlighting.adoc
+++ b/rules/S6432/kotlin/highlighting.adoc
@@ -1,6 +1,5 @@
 === Highlighting
-==== *Java Cryptographic Arquitecture*
 * Primary locations
 ** javax.crypto.Cipher.init call
From cb80ce2afc93783ecfba1216b6e2e571253d5a82 Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource
Date: Tue, 14 Jun 2022 14:20:04 +0200
Subject: [PATCH 4/7] highlighting.adoc update
---
 rules/S6432/kotlin/highlighting.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/S6432/kotlin/highlighting.adoc b/rules/S6432/kotlin/highlighting.adoc
index 21a8408330f..4176f1f2cef 100644
--- a/rules/S6432/kotlin/highlighting.adoc
+++ b/rules/S6432/kotlin/highlighting.adoc
@@ -1,8 +1,8 @@
 === Highlighting
-* Primary locations
+* Primary location
 ** javax.crypto.Cipher.init call
-* Secondary location
+* Secondary locations
 ** javax.crypto.spec.GCMParameterSpec constructor
 ** nonce variable declaration
\ No newline at end of file
From d8125d1b8418481ecf903eca6634db5120000153 Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource
Date: Wed, 15 Jun 2022 09:42:49 +0200
Subject: [PATCH 5/7] comments string fix
---
 rules/S6432/kotlin/rule.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/S6432/kotlin/rule.adoc b/rules/S6432/kotlin/rule.adoc
index 279866718fb..b3b7ef389b7 100644
--- a/rules/S6432/kotlin/rule.adoc
+++ b/rules/S6432/kotlin/rule.adoc
@@ -5,9 +5,9 @@ include::../description.adoc[]
 [source,kotlin]
 ----
 fun encrypt((key: ByteArray, ptxt: ByteArray)) {
- val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // Secondary location: Static initialization vector (IV)
+ val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // Noncompliant: Static initialization vector (IV)
- val gcmSpec = GCMParameterSpec(128, nonce) // Secondary location: Initialization vector (IV) configured
+ val gcmSpec = GCMParameterSpec(128, nonce) // Noncompliant: Initialization vector (IV) configured
 val skeySpec = SecretKeySpec(key, "AES")
 val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
From 7fceefc4202392ca8d2f46bf17444fc01ae6228a Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource
Date: Wed, 15 Jun 2022 16:47:45 +0200
Subject: [PATCH 6/7] Duplicate brackets removed
---
 rules/S6432/kotlin/rule.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/S6432/kotlin/rule.adoc b/rules/S6432/kotlin/rule.adoc
index b3b7ef389b7..7567619078d 100644
--- a/rules/S6432/kotlin/rule.adoc
+++ b/rules/S6432/kotlin/rule.adoc
@@ -4,7 +4,7 @@ include::../description.adoc[]
 [source,kotlin]
 ----
-fun encrypt((key: ByteArray, ptxt: ByteArray)) {
+fun encrypt(key: ByteArray, ptxt: ByteArray) {
 val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // Noncompliant: Static initialization vector (IV)
 val gcmSpec = GCMParameterSpec(128, nonce) // Noncompliant: Initialization vector (IV) configured
@@ -19,7 +19,7 @@ fun encrypt((key: ByteArray, ptxt: ByteArray)) {
 [source,kotlin]
 ----
-fun encrypt((key: ByteArray, ptxt: ByteArray)) {
+fun encrypt(key: ByteArray, ptxt: ByteArray) {
 val random: SecureRandom = SecureRandom()
 val nonce: ByteArray = ByteArray(12)
 random.nextBytes(nonce) // Random 96 bit IV
From bd3fd17e347094ff56e9b6723d0f0c8fa7d79090 Mon Sep 17 00:00:00 2001
From: pedro-oliveira-sonarsource <104737234+pedro-oliveira-sonarsource@users.noreply.github.com>
Date: Thu, 16 Jun 2022 13:48:23 +0200
Subject: [PATCH 7/7] Apply suggestions from code review
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
---
 rules/S6432/kotlin/rule.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/S6432/kotlin/rule.adoc b/rules/S6432/kotlin/rule.adoc
index 7567619078d..b9f8c2ee1f8 100644
--- a/rules/S6432/kotlin/rule.adoc
+++ b/rules/S6432/kotlin/rule.adoc
@@ -5,9 +5,9 @@ include::../description.adoc[]
 [source,kotlin]
 ----
 fun encrypt(key: ByteArray, ptxt: ByteArray) {
- val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // Noncompliant: Static initialization vector (IV)
+ val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // The initialization vector is a static value
- val gcmSpec = GCMParameterSpec(128, nonce) // Noncompliant: Initialization vector (IV) configured
+ val gcmSpec = GCMParameterSpec(128, nonce) // The initialization vector is configured here
 val skeySpec = SecretKeySpec(key, "AES")
 val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")