diff --git a/rules/S2755/cfamily/how-to-fix-it/xerces.adoc b/rules/S2755/cfamily/how-to-fix-it/xerces.adoc index cf797d3604..e09f04f095 100644 --- a/rules/S2755/cfamily/how-to-fix-it/xerces.adoc +++ b/rules/S2755/cfamily/how-to-fix-it/xerces.adoc @@ -6,7 +6,7 @@ include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=11,diff-type=noncompliant] ---- #include "xercesc/parsers/XercesDOMParser.hpp" @@ -21,7 +21,7 @@ void parse() { By default, entities resolution is enabled for `XMLReaderFactory::createXMLReader`. -[source,cpp,diff-id=2,diff-type=noncompliant] +[source,cpp,diff-id=12,diff-type=noncompliant] ---- #include "xercesc/sax2/SAX2XMLReader.hpp" @@ -35,7 +35,7 @@ void parse() { By default, entities resolution is enabled for `SAXParser`. -[source,cpp,diff-id=3,diff-type=noncompliant] +[source,cpp,diff-id=13,diff-type=noncompliant] ---- #include "xercesc/parsers/SAXParser.hpp" @@ -52,7 +52,7 @@ void parse() { By default, `XercesDOMParser` is safe. -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=11,diff-type=compliant] ---- #include "xercesc/parsers/XercesDOMParser.hpp" @@ -65,7 +65,7 @@ void parse() { } ---- -[source,cpp,diff-id=2,diff-type=compliant] +[source,cpp,diff-id=12,diff-type=compliant] ---- #include "xercesc/sax2/SAX2XMLReader.hpp" @@ -77,7 +77,7 @@ void parse() { } ---- -[source,cpp,diff-id=3,diff-type=compliant] +[source,cpp,diff-id=13,diff-type=compliant] ---- #include "xercesc/parsers/SAXParser.hpp" diff --git a/rules/S4423/cfamily/how-to-fix-it/curl.adoc b/rules/S4423/cfamily/how-to-fix-it/curl.adoc index ae17a6aece..91a729a13c 100644 --- a/rules/S4423/cfamily/how-to-fix-it/curl.adoc +++ b/rules/S4423/cfamily/how-to-fix-it/curl.adoc @@ -1,4 +1,4 @@ -== How to fix it in cURL +== How to fix it in cURL === Code examples @@ -9,11 +9,11 @@ The following code samples attempt to create an HTTP request. This sample uses Curl's default TLS algorithms, which are weak cryptographical algorithms: TLSv1.0 and LTSv1.1. -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=11,diff-type=noncompliant] ---- #include -void encrypt() { +void encrypt() { CURL *curl; curl_global_init(CURL_GLOBAL_DEFAULT); @@ -26,7 +26,7 @@ void encrypt() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=11,diff-type=compliant] ---- #include diff --git a/rules/S4423/cfamily/how-to-fix-it/openssl.adoc b/rules/S4423/cfamily/how-to-fix-it/openssl.adoc index 12a63ae4d5..6a3c533400 100644 --- a/rules/S4423/cfamily/how-to-fix-it/openssl.adoc +++ b/rules/S4423/cfamily/how-to-fix-it/openssl.adoc @@ -1,5 +1,5 @@ -== How to fix it in OpenSSL +== How to fix it in OpenSSL === Code examples @@ -10,7 +10,7 @@ The following code samples attempt to create an OpenSSL TLS Client. This sample uses OpenSSL's default TLS algorithms, which are weak cryptographical algorithms (TLSv1.0 and LTSv1.1). -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=21,diff-type=noncompliant] ---- #include @@ -25,7 +25,7 @@ void encrypt() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=21,diff-type=compliant] ---- #include diff --git a/rules/S4426/cfamily/how-to-fix-it/cryptopp.adoc b/rules/S4426/cfamily/how-to-fix-it/cryptopp.adoc index f41a19d0a9..91833e7050 100644 --- a/rules/S4426/cfamily/how-to-fix-it/cryptopp.adoc +++ b/rules/S4426/cfamily/how-to-fix-it/cryptopp.adoc @@ -6,7 +6,7 @@ include::../../common/fix/rsa.adoc[] -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=21,diff-type=noncompliant] ---- #include #include @@ -21,7 +21,7 @@ void encrypt() { include::../../common/fix/dsa.adoc[] -[source,cpp,diff-id=2,diff-type=noncompliant] +[source,cpp,diff-id=22,diff-type=noncompliant] ---- #include #include @@ -34,7 +34,7 @@ dsa_private_key.GenerateRandomWithKeySize(rng, 1024); // Noncompliant include::../../common/fix/dh.adoc[] -[source,cpp,diff-id=3,diff-type=noncompliant] +[source,cpp,diff-id=23,diff-type=noncompliant] ---- #include #include @@ -47,7 +47,7 @@ dh.AccessGroupParameters().GenerateRandomWithKeySize(rng, 1024); // Noncompliant include::../../common/fix/ec.adoc[] -[source,cpp,diff-id=4,diff-type=noncompliant] +[source,cpp,diff-id=24,diff-type=noncompliant] ---- #include @@ -58,7 +58,7 @@ void ecnrypt() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=21,diff-type=compliant] ---- #include #include @@ -71,7 +71,7 @@ void encrypt() { } ---- -[source,cpp,diff-id=2,diff-type=compliant] +[source,cpp,diff-id=22,diff-type=compliant] ---- #include #include @@ -82,7 +82,7 @@ cryptopp::dsa::privatekey dsa_private_key; dsa_private_key.GenerateRandomWithKeySize(rng, 2048); ---- -[source,cpp,diff-id=3,diff-type=compliant] +[source,cpp,diff-id=23,diff-type=compliant] ---- #include #include @@ -93,7 +93,7 @@ CryptoPP::DH dh; dh.AccessGroupParameters().GenerateRandomWithKeySize(rng, 2048); ---- -[source,cpp,diff-id=4,diff-type=compliant] +[source,cpp,diff-id=24,diff-type=compliant] ---- #include diff --git a/rules/S4426/cfamily/how-to-fix-it/openssl.adoc b/rules/S4426/cfamily/how-to-fix-it/openssl.adoc index d45f0840c0..ab907af99f 100644 --- a/rules/S4426/cfamily/how-to-fix-it/openssl.adoc +++ b/rules/S4426/cfamily/how-to-fix-it/openssl.adoc @@ -8,7 +8,7 @@ include::../../common/fix/code-rationale.adoc[] include::../../common/fix/rsa.adoc[] -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=31,diff-type=noncompliant] ---- #include @@ -23,7 +23,7 @@ void encrypt() { include::../../common/fix/dsa.adoc[] -[source,cpp,diff-id=2,diff-type=noncompliant] +[source,cpp,diff-id=32,diff-type=noncompliant] ---- #include @@ -35,7 +35,7 @@ void encrypt() { include::../../common/fix/dh.adoc[] -[source,cpp,diff-id=3,diff-type=noncompliant] +[source,cpp,diff-id=33,diff-type=noncompliant] ---- #include @@ -47,7 +47,7 @@ void encrypt() { include::../../common/fix/ec.adoc[] -[source,cpp,diff-id=4,diff-type=noncompliant] +[source,cpp,diff-id=34,diff-type=noncompliant] ---- #include @@ -58,7 +58,7 @@ void encrypt() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=31,diff-type=compliant] ---- #include @@ -71,7 +71,7 @@ void encrypt() { } ---- -[source,cpp,diff-id=2,diff-type=compliant] +[source,cpp,diff-id=32,diff-type=compliant] ---- #include @@ -81,7 +81,7 @@ void encrypt() { } ---- -[source,cpp,diff-id=3,diff-type=compliant] +[source,cpp,diff-id=33,diff-type=compliant] ---- #include @@ -91,7 +91,7 @@ void encrypt() { } ---- -[source,cpp,diff-id=4,diff-type=compliant] +[source,cpp,diff-id=34,diff-type=compliant] ---- #include diff --git a/rules/S4830/cfamily/how-to-fix-it/curl.adoc b/rules/S4830/cfamily/how-to-fix-it/curl.adoc index 3139a69223..3e877e75b3 100644 --- a/rules/S4830/cfamily/how-to-fix-it/curl.adoc +++ b/rules/S4830/cfamily/how-to-fix-it/curl.adoc @@ -12,34 +12,34 @@ include::../../common/fix/code-rationale-setting.adoc[] ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=21,diff-type=noncompliant] ---- #include void connect() { CURL *curl; curl_global_init(CURL_GLOBAL_DEFAULT); - + curl = curl_easy_init(); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); // Noncompliant - + curl_easy_perform(curl); } ---- ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=21,diff-type=compliant] ---- #include void connect() { CURL *curl; curl_global_init(CURL_GLOBAL_DEFAULT); - + curl = curl_easy_init(); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); - + curl_easy_perform(curl); } ---- diff --git a/rules/S4830/cfamily/how-to-fix-it/openssl.adoc b/rules/S4830/cfamily/how-to-fix-it/openssl.adoc index d6ef583400..b656d8dee9 100644 --- a/rules/S4830/cfamily/how-to-fix-it/openssl.adoc +++ b/rules/S4830/cfamily/how-to-fix-it/openssl.adoc @@ -10,11 +10,11 @@ include::../../common/fix/code-rationale-override.adoc[] ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=31,diff-type=noncompliant] ---- #include -static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { return 1; } +static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { return 1; } void connect() { const SSL_METHOD *method = TLS_method(); @@ -28,7 +28,7 @@ void connect() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=31,diff-type=compliant] ---- #include diff --git a/rules/S5527/cfamily/how-to-fix-it/curl.adoc b/rules/S5527/cfamily/how-to-fix-it/curl.adoc index 3fc00531ee..3250360be2 100644 --- a/rules/S5527/cfamily/how-to-fix-it/curl.adoc +++ b/rules/S5527/cfamily/how-to-fix-it/curl.adoc @@ -4,7 +4,7 @@ include::../../common/fix/code-rationale.adoc[] -:cert_variable_name: CURLOPT_SSL_VERIFYHOST +:cert_variable_name: CURLOPT_SSL_VERIFYHOST :cert_variable_unsafe_value: 0L :cert_variable_safe_value: 1L @@ -12,14 +12,14 @@ include::../../common/fix/code-rationale-setting.adoc[] ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=21,diff-type=noncompliant] ---- #include void connect() { CURL *curl; curl_global_init(CURL_GLOBAL_DEFAULT); - + curl = curl_easy_init(); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); // Noncompliant @@ -29,17 +29,17 @@ void connect() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=21,diff-type=compliant] ---- #include void connect() { CURL *curl; curl_global_init(CURL_GLOBAL_DEFAULT); - + curl = curl_easy_init(); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); - + curl_easy_perform(curl); } ---- diff --git a/rules/S5527/cfamily/how-to-fix-it/openssl.adoc b/rules/S5527/cfamily/how-to-fix-it/openssl.adoc index d370b59a85..bc532310da 100644 --- a/rules/S5527/cfamily/how-to-fix-it/openssl.adoc +++ b/rules/S5527/cfamily/how-to-fix-it/openssl.adoc @@ -5,7 +5,7 @@ include::../../common/fix/code-rationale.adoc[] :cert_variable_name: SSL_set1_host -:cert_variable_safe_value: the name of the expected host +:cert_variable_safe_value: the name of the expected host include::../../common/fix/code-rationale-explicit.adoc[] @@ -15,7 +15,7 @@ certificates. ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=31,diff-type=noncompliant] ---- #include @@ -30,7 +30,7 @@ void connect() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=31,diff-type=compliant] ---- #include diff --git a/rules/S5542/cfamily/how-to-fix-it/cryptopp.adoc b/rules/S5542/cfamily/how-to-fix-it/cryptopp.adoc index 75f85b645c..84a848cd54 100644 --- a/rules/S5542/cfamily/how-to-fix-it/cryptopp.adoc +++ b/rules/S5542/cfamily/how-to-fix-it/cryptopp.adoc @@ -6,7 +6,7 @@ include::../../common/fix/aes-noncompliant-example.adoc[] -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=21,diff-type=noncompliant] ---- #include #include @@ -18,7 +18,7 @@ voic encrypt() { include::../../common/fix/rsa-noncompliant-example.adoc[] -[source,cpp,diff-id=2,diff-type=noncompliant] +[source,cpp,diff-id=22,diff-type=noncompliant] ---- #include @@ -31,7 +31,7 @@ void encrypt() { include::../../common/fix/aes-compliant-example.adoc[] -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=21,diff-type=compliant] ---- #include #include @@ -43,7 +43,7 @@ void encrypt() { include::../../common/fix/rsa-compliant-example.adoc[] -[source,cpp,diff-id=2,diff-type=compliant] +[source,cpp,diff-id=22,diff-type=compliant] ---- #include diff --git a/rules/S5542/cfamily/how-to-fix-it/openssl.adoc b/rules/S5542/cfamily/how-to-fix-it/openssl.adoc index 45396b0e22..9f7f974bb7 100644 --- a/rules/S5542/cfamily/how-to-fix-it/openssl.adoc +++ b/rules/S5542/cfamily/how-to-fix-it/openssl.adoc @@ -6,7 +6,7 @@ include::../../common/fix/aes-noncompliant-example.adoc[] -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=31,diff-type=noncompliant] ---- #include @@ -17,7 +17,7 @@ void encrypt() { include::../../common/fix/rsa-noncompliant-example.adoc[] -[source,cpp,diff-id=2,diff-type=noncompliant] +[source,cpp,diff-id=32,diff-type=noncompliant] ---- #include @@ -30,7 +30,7 @@ void encrypt() { include::../../common/fix/aes-compliant-example.adoc[] -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=31,diff-type=compliant] ---- #include @@ -41,7 +41,7 @@ void encrypt() { include::../../common/fix/rsa-compliant-example.adoc[] -[source,cpp,diff-id=2,diff-type=compliant] +[source,cpp,diff-id=32,diff-type=compliant] ---- #include diff --git a/rules/S5547/cfamily/how-to-fix-it/cryptopp.adoc b/rules/S5547/cfamily/how-to-fix-it/cryptopp.adoc index cf567e77dd..9da8e2e5c6 100644 --- a/rules/S5547/cfamily/how-to-fix-it/cryptopp.adoc +++ b/rules/S5547/cfamily/how-to-fix-it/cryptopp.adoc @@ -6,7 +6,7 @@ include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=21,diff-type=noncompliant] ---- #include @@ -17,7 +17,7 @@ void encrypt() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=21,diff-type=compliant] ---- #include diff --git a/rules/S5547/cfamily/how-to-fix-it/openssl.adoc b/rules/S5547/cfamily/how-to-fix-it/openssl.adoc index 64b22f36e1..2eeec8d3e5 100644 --- a/rules/S5547/cfamily/how-to-fix-it/openssl.adoc +++ b/rules/S5547/cfamily/how-to-fix-it/openssl.adoc @@ -6,7 +6,7 @@ include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example -[source,cpp,diff-id=1,diff-type=noncompliant] +[source,cpp,diff-id=31,diff-type=noncompliant] ---- #include @@ -17,7 +17,7 @@ void encrypt() { ==== Compliant solution -[source,cpp,diff-id=1,diff-type=compliant] +[source,cpp,diff-id=31,diff-type=compliant] ---- #include diff --git a/rules/S5553/cfamily/rule.adoc b/rules/S5553/cfamily/rule.adoc index d7b9c95b63..9a027eee64 100644 --- a/rules/S5553/cfamily/rule.adoc +++ b/rules/S5553/cfamily/rule.adoc @@ -205,7 +205,7 @@ int getTotalScore() { ==== Noncompliant code example -[source,cpp,diff-id=5,diff-type=compliant] +[source,cpp,diff-id=5,diff-type=noncompliant] ---- #include #include