mirror of
https://github.com/securego/gosec.git
synced 2025-07-17 01:12:33 +02:00
Added new rule G407 (hardcoded IV/nonce)
The rule is supposed to detect the usage of hardcoded or static nonce/IV in many encryption algorithms:
* The different modes of AES (mainly tested here)
* It should be able to work with ascon
Currently the rule doesn't check when constant variables are used.
TODO: Improve the rule to detect constant variable usage
committed by
Cosmin Cojocar
parent
4ae73c8ba3
commit
0eb8143c23
@ -84,6 +84,7 @@ var ruleToCWE = map[string]string{
|
||||
"G404": "338",
|
||||
"G405": "327",
|
||||
"G406": "328",
|
||||
"G407": "1204",
|
||||
"G501": "327",
|
||||
"G502": "327",
|
||||
"G503": "327",
|
||||
|
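Review bot: the new "G407": "1204" entry in ruleToCWE needs a check that ID 1204 resolves wherever these CWE strings are looked up, because every neighbouring entry in this hunk (338, 327, 328) is an ID already in use by older rules and 1204 appears here for the first time. If the lookup has no record for it, G407 findings would be reported without CWE metadata. CWE-1204 (Generation of Weak Initialization Vector) fits the hardcoded IV part of the rule; for the nonce part, CWE-323 (Reusing a Nonce, Key Pair in Encryption) is the closer match, so a short comment on this line saying why 1204 was chosen would help. The commit message states that constant variables are not detected yet, and that limitation should be recorded in the rule's documentation as well as in the TODO.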