securesauce · ericwb · Jan 2, 2024 · Jan 2, 2024
@@ -0,0 +1,15 @@
+// level: NONE
+package main
+
+import (
+    "crypto/aes"
+)
+
+func main() {
+    aesKey := []byte("example key 1234")
+
+    _, err := aes.NewCipher(aesKey)
+    if err != nil {
+        panic(err)
+    }
+}
@@ -1,8 +1,8 @@
 // level: ERROR
 // start_line: 19
 // end_line: 19
-// start_column: 38
-// end_column: 41
+// start_column: 14
+// end_column: 36
 package main
 
 import (

@@ -0,0 +1,32 @@
+// level: ERROR
+// start_line: 22
+// end_line: 22
+// start_column: 14
+// end_column: 27
+package main
+
+import (
+    "crypto/rc4"
+    "fmt"
+    "log"
+)
+
+func main() {
+    // The key for RC4 must be between 1 and 256 bytes long
+    key := []byte("your-secure-key")
+
+    // The plaintext message you want to encrypt
+    plaintext := []byte("Hello, world!")
+
+    // Creating the cipher
+    c, err := rc4.NewCipher(key)
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    // Encrypting the plaintext
+    ciphertext := make([]byte, len(plaintext))
+    c.XORKeyStream(ciphertext, plaintext)
+
+    fmt.Printf("Ciphertext: %x\n", ciphertext)
+}
@@ -1,8 +1,8 @@
 // level: ERROR
 // start_line: 14
 // end_line: 14
-// start_column: 38
-// end_column: 41
+// start_column: 9
+// end_column: 16
 package main
 
 import (

@@ -0,0 +1,16 @@
+// level: ERROR
+// start_line: 15
+// end_line: 15
+// start_column: 21
+// end_column: 28
+package main
+
+import (
+    "crypto/md5"
+    "fmt"
+)
+
+func main() {
+    data := []byte("These pretzels are making me thirsty.")
+    fmt.Printf("%x", md5.Sum(data))
+}
@@ -1,8 +1,8 @@
 // level: ERROR
-// start_line: 9
-// end_line: 9
-// start_column: 38
-// end_column: 41
+// start_line: 14
+// end_line: 14
+// start_column: 9
+// end_column: 17
 package main
 
 import (

@@ -0,0 +1,16 @@
+// level: ERROR
+// start_line: 15
+// end_line: 15
+// start_column: 22
+// end_column: 30
+package main
+
+import (
+    "crypto/sha1"
+    "fmt"
+)
+
+func main() {
+    data := []byte("This page intentionally left blank.")
+    fmt.Printf("% x", sha1.Sum(data))
+}
@@ -0,0 +1,13 @@
+// level: NONE
+package main
+
+import (
+    "crypto/sha256"
+    "fmt"
+)
+
+func main() {
+    h := sha256.New()
+    h.Write([]byte("hello world\n"))
+    fmt.Printf("%x", h.Sum(nil))
+}
@@ -0,0 +1,12 @@
+// level: NONE
+package main
+
+import (
+    "crypto/sha256"
+    "fmt"
+)
+
+func main() {
+    sum := sha256.Sum256([]byte("hello world\n"))
+    fmt.Printf("%x", sum)
+}
@@ -1,8 +1,8 @@
 // level: ERROR
 // start_line: 21
 // end_line: 21
-// start_column: 38
-// end_column: 41
+// start_column: 63
+// end_column: 72
 package main
 
 import (

@@ -0,0 +1,37 @@
+// level: NONE
+package main
+
+import (
+    "crypto/dsa"
+    "crypto/rand"
+    "fmt"
+    "log"
+    "math/big"
+)
+
+func main() {
+    // Define DSA parameters
+    var params dsa.Parameters
+
+    // Generate DSA parameters; here we choose a 1024-bit key size
+    if err := dsa.GenerateParameters(&params, rand.Reader, dsa.L2048N256); err != nil {
+        log.Fatalf("Failed to generate DSA parameters: %v", err)
+    }
+
+    // Generate DSA keys
+    privateKey := new(dsa.PrivateKey)
+    privateKey.PublicKey.Parameters = params
+    if err := dsa.GenerateKey(privateKey, rand.Reader); err != nil {
+        log.Fatalf("Failed to generate DSA key: %v", err)
+    }
+
+    // Extract the public key
+    publicKey := privateKey.PublicKey
+
+    // Print the public key
+    fmt.Printf("Public Key:\n P:%s\n Q:%s\n G:%s\n Y:%s\n",
+        publicKey.P.String(), publicKey.Q.String(), publicKey.G.String(), publicKey.Y.String())
+
+    // Print the private key
+    fmt.Printf("Private Key:\n X:%s\n", privateKey.X.String())
+}
@@ -0,0 +1,37 @@
+// level: NONE
+package main
+
+import (
+    "crypto/dsa"
+    "crypto/rand"
+    "fmt"
+    "log"
+    "math/big"
+)
+
+func main() {
+    // Define DSA parameters
+    var params dsa.Parameters
+
+    // Generate DSA parameters; here we choose a 1024-bit key size
+    if err := dsa.GenerateParameters(&params, rand.Reader, dsa.L3072N256); err != nil {
+        log.Fatalf("Failed to generate DSA parameters: %v", err)
+    }
+
+    // Generate DSA keys
+    privateKey := new(dsa.PrivateKey)
+    privateKey.PublicKey.Parameters = params
+    if err := dsa.GenerateKey(privateKey, rand.Reader); err != nil {
+        log.Fatalf("Failed to generate DSA key: %v", err)
+    }
+
+    // Extract the public key
+    publicKey := privateKey.PublicKey
+
+    // Print the public key
+    fmt.Printf("Public Key:\n P:%s\n Q:%s\n G:%s\n Y:%s\n",
+        publicKey.P.String(), publicKey.Q.String(), publicKey.G.String(), publicKey.Y.String())
+
+    // Print the private key
+    fmt.Printf("Private Key:\n X:%s\n", privateKey.X.String())
+}
@@ -1,8 +1,8 @@
 // level: ERROR
 // start_line: 18
 // end_line: 18
-// start_column: 38
-// end_column: 41
+// start_column: 52
+// end_column: 56
 package main
 
 import (

@@ -0,0 +1,35 @@
+// level: NONE
+package main
+
+import (
+    "crypto/rand"
+    "crypto/rsa"
+    "crypto/x509"
+    "encoding/pem"
+    "log"
+)
+
+func main() {
+    // Generate the RSA key
+    privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+    if err != nil {
+        log.Fatalf("Failed to generate key: %v", err)
+    }
+
+    // Extract the public key from the private key
+    publicKey := &privateKey.PublicKey
+
+    // Encode the public key to PEM format
+    publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)
+    if err != nil {
+        log.Fatalf("Failed to marshal public key: %v", err)
+    }
+
+    publicKeyPEM := pem.EncodeToMemory(&pem.Block{
+        Type:  "RSA PUBLIC KEY",
+        Bytes: publicKeyBytes,
+    })
+
+    // Print the public key
+    log.Println(string(publicKeyPEM))
+}
@@ -0,0 +1,35 @@
+// level: NONE
+package main
+
+import (
+    "crypto/rand"
+    "crypto/rsa"
+    "crypto/x509"
+    "encoding/pem"
+    "log"
+)
+
+func main() {
+    // Generate the RSA key
+    privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+    if err != nil {
+        log.Fatalf("Failed to generate key: %v", err)
+    }
+
+    // Extract the public key from the private key
+    publicKey := &privateKey.PublicKey
+
+    // Encode the public key to PEM format
+    publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)
+    if err != nil {
+        log.Fatalf("Failed to marshal public key: %v", err)
+    }
+
+    publicKeyPEM := pem.EncodeToMemory(&pem.Block{
+        Type:  "RSA PUBLIC KEY",
+        Bytes: publicKeyBytes,
+    })
+
+    // Print the public key
+    log.Println(string(publicKeyPEM))
+}
@@ -0,0 +1,49 @@
+# Copyright 2024 Secure Saurce LLC
+import os
+
+from parameterized import parameterized
+
+from precli.core.level import Level
+from precli.parsers import go
+from precli.rules import Rule
+from tests.unit.rules.go import test_case
+
+
+class CryptoWeakCipherTests(test_case.TestCase):
+    def setUp(self):
+        super().setUp()
+        self.rule_id = "GO001"
+        self.parser = go.Go(enabled=[self.rule_id])
+        self.base_path = os.path.join(
+            "tests",
+            "unit",
+            "rules",
+            "go",
+            "stdlib",
+            "crypto",
+            "examples",
+        )
+
+    def test_crypto_weak_cipher_rule_meta(self):
+        rule = Rule.get_by_id(self.rule_id)
+        self.assertEqual(self.rule_id, rule.id)
+        self.assertEqual(
+            "use_of_a_broken_or_risky_cryptographic_algorithm", rule.name
+        )
+        self.assertEqual(
+            f"https://docs.securesauce.dev/rules/{self.rule_id}", rule.help_url
+        )
+        self.assertEqual(True, rule.default_config.enabled)
+        self.assertEqual(Level.WARNING, rule.default_config.level)
+        self.assertEqual(-1.0, rule.default_config.rank)
+        self.assertEqual("327", rule.cwe.cwe_id)
+
+    @parameterized.expand(
+        [
+            "weak_cipher_aes",
+            "weak_cipher_des",
+            "weak_cipher_rc4",
+        ]
+    )
+    def test(self, filename):
+        self.check(filename)