Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way

      Description

      Noncompliant Code Example

      import javax.crypto.Cipher;
      import java.security.NoSuchAlgorithmException;
      import javax.crypto.NoSuchPaddingException;
      
      public class test {
      
          public static void main(String[] args) {
            try
            {
              Cipher c1 = Cipher.getInstance("DES"); // Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
              Cipher c7 = Cipher.getInstance("DESede"); // Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
              Cipher c13 = Cipher.getInstance("RC2"); // Noncompliant: RC2 is vulnerable to a related-key attack 
              Cipher c19 = Cipher.getInstance("RC4"); // Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security)
              Cipher c25 = Cipher.getInstance("Blowfish"); // Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
              
              NullCipher nc = new NullCipher(); // Noncompliant: the NullCipher class provides an "identity cipher" one that does not transform or encrypt the plaintext in any way.
            }
            catch(NoSuchAlgorithmException|NoSuchPaddingException e)
            {
            }
          }
      } 
      

      Compliant Solution

      import javax.crypto.Cipher;
      import java.security.NoSuchAlgorithmException;
      import javax.crypto.NoSuchPaddingException;
      
      public class test {
      
          public static void main(String[] args) {
            try
            {
              Cipher c31 = Cipher.getInstance("AES/GCM/NoPadding"); // Compliant
            }
            catch(NoSuchAlgorithmException|NoSuchPaddingException e)
            {
            }
          }
      } 
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              eric.therond Eric Therond
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: