ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5547/php/rule.adoc

38 lines
2.2 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
== Noncompliant Code Example
----
<?php
// mcrypt_encrypt is deprecated since PHP 7.1
$c1 = mcrypt_encrypt(MCRYPT_DES, $key, $plaintext, $mode); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
$c2 = mcrypt_encrypt(MCRYPT_DES_COMPAT, $key, $plaintext, $mode); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
$c3 = mcrypt_encrypt(MCRYPT_TRIPLEDES, $key, $plaintext, $mode) // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
$c4 = mcrypt_encrypt(MCRYPT_3DES, $key, $plaintext, $mode); // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
$c5 = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plaintext, $mode); // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
$c6 = mcrypt_encrypt(MCRYPT_RC2, $key, $plaintext, $mode); // Noncompliant: RC2 is vulnerable to a related-key attack
$c7 = mcrypt_encrypt(MCRYPT_RC4, $key, $plaintext, $mode); // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security)
$c8 = openssl_encrypt($plaintext, "bf-ecb", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
$c9 = openssl_encrypt($plaintext, "des-ede3", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
$c10 = openssl_encrypt($plaintext, "des-ofb", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
$c11 = openssl_encrypt($plaintext, "rc2-cbc", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: RC2 is vulnerable to a related-key attack
$c12 = openssl_encrypt($plaintext, "rc4", $key, $options=OPENSSL_RAW_DATA, $iv); // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security)
----
== Compliant Solution
----
<?php
$c1= openssl_encrypt($plaintext, "aes-256-gcm", $key, $options=OPENSSL_RAW_DATA, $iv); // Compliant
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink