C and C++ analyzers detect cryptography-related security issues

Hello C and C++ developers,

Communications should be encrypted to protect users' privacy, but when it comes to actually implementing encryption, it is not that easy because the area is complex.

With SonarCloud, you are no longer alone thanks to these 7 new security rules focusing on detecting cryptography-related security issues:

  • S5542: Encryption algorithms should be used with secure mode and padding scheme (Blocker)
  • S4426: Cryptographic keys should be robust (Blocker)
  • S4830: Server certificates should be verified during SSL/TLS connections (Critical)
  • S5527: Server hostnames should be verified during SSL/TLS connections (Critical)
  • S5547: Cipher algorithms should be robust (Critical)
  • S5332: Using clear-text protocols is security-sensitive (Critical)
  • S4423: Weak SSL and TLS protocols should not be used (Major)

These 7 rules are available now for both C and C++ on SonarCloud, and will be included in SonarQube 8.6.