From c79083491d9aaa7ba1cdb486d4d3c53d1532cede Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 12 Feb 2025 10:19:39 +0100
Subject: [PATCH] Create rule S3329: Cipher Block Chaining IVs should be unpredictable (#4658)
* Add go to rule S3329
* Add description for S3329 for Go
* Update rules/S3329/go/rule.adoc
Co-authored-by: teemu-rytilahti-sonarsource
---------
Co-authored-by: daniel-teuchert-sonarsource
Co-authored-by: Daniel Teuchert
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: teemu-rytilahti-sonarsource
---
 rules/S3329/go/metadata.json | 2 +
 rules/S3329/go/rule.adoc | 75 ++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)
 create mode 100644 rules/S3329/go/metadata.json
 create mode 100644 rules/S3329/go/rule.adoc
diff --git a/rules/S3329/go/metadata.json b/rules/S3329/go/metadata.json
new file mode 100644
index 0000000000..7a73a41bfd
--- /dev/null
+++ b/rules/S3329/go/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S3329/go/rule.adoc b/rules/S3329/go/rule.adoc
new file mode 100644
index 0000000000..baac094c74
--- /dev/null
+++ b/rules/S3329/go/rule.adoc
@@ -0,0 +1,75 @@
+
+include::../summary.adoc[]
+
+== Why is this an issue?
+
+include::../rationale.adoc[]
+
+include::../impact.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+import (
+ "crypto/cipher"
+)
+
+func encrypt(block cipher.Block, plaintext []byte) {
+ iv := []byte("fixed IVfixed IV")
+ encrypter := cipher.NewCBCEncrypter(block, iv) // Noncompliant
+ encrypter.CryptBlocks(plaintext, plaintext)
+}
+----
+
+==== Compliant solution
+
+include::../common/fix/explicit-fix.adoc[]
+
+[source,go,diff-id=1,diff-type=compliant]
+----
+import (
+ "crypto/cipher"
+ "crypto/rand"
+)
+
+func encrypt(block cipher.Block, plaintext []byte) {
+ iv := make([]byte, block.BlockSize())
+ rand.Read(iv)
+ encrypter := cipher.NewCBCEncrypter(block, iv)
+ encrypter.CryptBlocks(plaintext, plaintext)
+}
+----
+
+=== How does this work?
+
+include::../common/fix/fix.adoc[]
+
+
+
+== Resources
+
+include::../common/resources/docs.adoc[]
+
+include::../common/resources/articles.adoc[]
+
+include::../common/resources/presentations.adoc[]
+
+include::../common/resources/standards.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+'''
+
+endif::env-github,rspecator-view[]
+
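Review bot: The compliant sample discards the result of `rand.Read(iv)`; on Go releases before 1.24 that call can return an error, and when it does the IV stays all-zero, which is exactly the predictable-IV condition this rule is about (from Go 1.24 the function is documented never to fail, so the check matters only for older toolchains a reader may still be on). Since the sample is what readers copy, have `encrypt` return `error` and write the read as `if _, err := rand.Read(iv); err != nil { return err }` (or `io.ReadFull(rand.Reader, iv)`), ending with `return nil`. The sample also never hands the IV back to the caller, so ciphertext it produces cannot be decrypted; a sentence after the compliant block such as "The IV does not need to be secret, only unpredictable, and must be stored or sent together with the ciphertext (commonly prepended to it) so the receiver can decrypt." would make the pattern complete. Both points apply to the compliant block only; the noncompliant block is fine as an illustration of the defect.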