Fix incorrect detection of fixed iv in G407 (#1509)

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>

Author: ccojocar

analyzers/hardcoded_nonce.go

@@ -36,12 +36,17 @@ const defaultIssueDescription = "Use of hardcoded IV/nonce for encryption"
 // and the index of the argument that is the nonce/IV.
 // Example: "crypto/cipher.NewCBCEncrypter": {2, 1} means the function accepts 2 arguments,
 // and the nonce arg is at index 1 (the second argument).
+// Note: We only track encryption functions, not decryption functions (like NewCBCDecrypter, NewCFBDecrypter, etc.)
+// because decryption must use the same nonce as encryption, which will naturally appear as a known/hardcoded value.
 var tracked = map[string][]int{
 	"(crypto/cipher.AEAD).Seal":     {4, 1},
 	"crypto/cipher.NewCBCEncrypter": {2, 1},
 	"crypto/cipher.NewCFBEncrypter": {2, 1},
+	"crypto/cipher.NewCTREncrypter": {2, 1},
 	"crypto/cipher.NewCTR":          {2, 1},
 	"crypto/cipher.NewOFB":          {2, 1},
+	"crypto/cipher.NewCFB":          {2, 1},
+	"crypto/cipher.NewCBC":          {2, 1},
 }
 
 var dynamicFuncs = map[string]bool{
@@ -146,6 +151,16 @@ func (s *analysisState) Release() {
 	s.BaseAnalyzerState.Release()
 }
 
+// isAEADOpenCall checks if a call is to AEAD.Open (decryption), which should not be flagged.
+func isAEADOpenCall(c *ssa.Call) bool {
+	if c.Call.IsInvoke() && c.Call.Method != nil {
+		name := c.Call.Method.FullName()
+		// Check if this is (crypto/cipher.AEAD).Open
+		return strings.Contains(name, "AEAD") && strings.HasSuffix(name, "Open")
+	}
+	return false
+}
+
 // getInitialArgs is now unified in util.go TraverseSSA or kept here if specific.
 // It seems specific to tracked functions, so we keep it but can use TraverseSSA.
 func (s *analysisState) getInitialArgs(tracked map[string][]int) []ssaValueAndInstr {
@@ -154,6 +169,10 @@ func (s *analysisState) getInitialArgs(tracked map[string][]int) []ssaValueAndIn
 		if c, ok := i.(*ssa.Call); ok {
 			if c.Call.IsInvoke() {
 				// Handle interface method calls (e.g. (crypto/cipher.AEAD).Seal)
+				// Skip AEAD.Open (decryption) as it must use the same nonce as encryption
+				if isAEADOpenCall(c) {
+					return
+				}
 				name := c.Call.Method.FullName()
 				if info, ok := tracked[name]; ok {
 					if len(c.Call.Args) == info[0] {

testutils/g407_samples.go

@@ -1256,5 +1256,105 @@ func main() {
 	block, _ := aes.NewCipher([]byte("12345678123456781234567812345678"))
 	_ = cipher.NewCTR(block, iv)
 }
+`}, 1, gosec.NewConfig()},
+
+	// Decryption tests - should NOT be flagged as decryption uses the same nonce as encryption
+	{[]string{`package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+func Decrypt(data []byte, key [32]byte) ([]byte, error) {
+	block, _ := aes.NewCipher(key[:32])
+	gcm, _ := cipher.NewGCM(block)
+	// Using a hardcoded nonce for DECRYPTION is safe - must match encryption nonce
+	nonce := []byte("ILoveMyNonce")
+	return gcm.Open(nil, nonce, data[gcm.NonceSize():], nil)
+}
+`}, 0, gosec.NewConfig()},
+
+	{[]string{`package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+func main() {
+	block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+	aesGCM, _ := cipher.NewGCM(block)
+
+	// Encrypt with hardcoded nonce - SHOULD be flagged
+	cipherText := aesGCM.Seal(nil, []byte("ILoveMyNonce"), []byte("My secret message"), nil)
+
+	// Decrypt with same nonce - should NOT be flagged (same nonce as encryption)
+	cipherText, _ = aesGCM.Open(nil, []byte("ILoveMyNonce"), cipherText, nil)
+}
+`}, 1, gosec.NewConfig()},
+
+	{[]string{`package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+func main() {
+	block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+	// NewCBCDecrypter should not be flagged - decryption must use same nonce as encryption
+	aesCBC := cipher.NewCBCDecrypter(block, []byte("ILoveMyNonceAlot"))
+	var output = make([]byte, 16)
+	aesCBC.CryptBlocks(output, []byte("encrypted_block!"))
+}
+`}, 0, gosec.NewConfig()},
+
+	{[]string{`package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+func main() {
+	block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+	// NewCFBDecrypter should not be flagged - decryption must use same nonce as encryption
+	aesCFB := cipher.NewCFBDecrypter(block, []byte("ILoveMyNonceAlot"))
+	var output = make([]byte, 16)
+	aesCFB.XORKeyStream(output, []byte("Very Cool thing!"))
+}
+`}, 0, gosec.NewConfig()},
+
+	{[]string{`package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+func main() {
+	block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+	// NewCBCEncrypter SHOULD be flagged - encryption should use random nonce
+	aesCBC := cipher.NewCBCEncrypter(block, []byte("ILoveMyNonceAlot"))
+	var output = make([]byte, 16)
+	aesCBC.CryptBlocks(output, []byte("Very Cool thing!"))
+}
+`}, 1, gosec.NewConfig()},
+
+	{[]string{`package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+)
+
+func main() {
+	block, _ := aes.NewCipher([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+	// NewCFBEncrypter SHOULD be flagged - encryption should use random nonce
+	aesCFB := cipher.NewCFBEncrypter(block, []byte("ILoveMyNonceAlot"))
+	var output = make([]byte, 16)
+	aesCFB.XORKeyStream(output, []byte("Very Cool thing!"))
+}
 `}, 1, gosec.NewConfig()},
 }