rspec/rules/S5344/go/rule.adoc

include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

== How to fix it

=== Code examples

==== Noncompliant code example


[source,go,diff-id=1,diff-type=noncompliant]
----
import (
	"golang.org/x/crypto/argon2"
)
func passwordHashingArgon2(password string, salt []byte, w http.ResponseWriter) {
	argon2IDHashWeak := argon2.IDKey([]byte(password), salt, 1, 32*1024, 1, 32) // Noncompliant: Use strong parameters
}
----


==== Compliant solution


[source,go,diff-id=1,diff-type=compliant]
----
import (
	"golang.org/x/crypto/argon2"
)
func passwordHashingArgon2(password string, salt []byte, w http.ResponseWriter) {
	argon2IDHashWeak := argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)
}
----


=== How does this work?

include::../common/fix/pbkdf2-parameters.adoc[]

=== Going the extra mile

include::../common/extra-mile/peppering.adoc[]


== Resources

include::../common/resources/documentation.adoc[]

include::../common/resources/standards.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

endif::env-github,rspecator-view[]
Create rule S5344: Passwords should not be stored in plaintext or with a fast hashing algorithm (#4655) * Add go to rule S5344 * Add description for S5344 for Go * Add message * Extend message * Update rules/S5344/go/message.adoc Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com> * Update rules/S5344/go/message.adoc Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com> --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: teemu-rytilahti-sonarsource <teemu.rytilahti@sonarsource.com> 2025-02-12 10:44:28 +01:00			`include::../summary.adoc[]`

			`== Why is this an issue?`

			`include::../rationale.adoc[]`

			`include::../impact.adoc[]`

			`== How to fix it`

			`=== Code examples`

			`==== Noncompliant code example`


			`[source,go,diff-id=1,diff-type=noncompliant]`
			`----`
			`import (`
			`"golang.org/x/crypto/argon2"`
			`)`
			`func passwordHashingArgon2(password string, salt []byte, w http.ResponseWriter) {`
			`argon2IDHashWeak := argon2.IDKey([]byte(password), salt, 1, 32*1024, 1, 32) // Noncompliant: Use strong parameters`
			`}`
			`----`


			`==== Compliant solution`


			`[source,go,diff-id=1,diff-type=compliant]`
			`----`
			`import (`
			`"golang.org/x/crypto/argon2"`
			`)`
			`func passwordHashingArgon2(password string, salt []byte, w http.ResponseWriter) {`
			`argon2IDHashWeak := argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)`
			`}`
			`----`


			`=== How does this work?`

			`include::../common/fix/pbkdf2-parameters.adoc[]`

			`=== Going the extra mile`

			`include::../common/extra-mile/peppering.adoc[]`




			`== Resources`

			`include::../common/resources/documentation.adoc[]`

			`include::../common/resources/standards.adoc[]`


			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::message.adoc[]`

			`endif::env-github,rspecator-view[]`