Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Noncompliant Code Example

      crypto built-in module:

      crypto.createCipheriv("DES", key, iv); // Noncompliant: DES / 3DES is unsecure 
      crypto.createCipheriv("DES-EDE", key, ""); // Noncompliant: DES / 3DES is unsecure
      crypto.createCipheriv("DES-EDE3", key, ""); // Noncompliant: DES / 3DES is unsecure
      crypto.createCipheriv("RC2", key, iv); // Noncompliant: RC2 is vulnerable to a related-key attack
      crypto.createCipheriv("RC4", key, "");// Noncompliant: RC4 is vulnerable to several attacks 
      crypto.createCipheriv("BF", key, iv);// Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
      

      Compliant Solution

      crypto built-in module:

      crypto.createCipheriv("AES-256-GCM", key, iv);
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              eric.therond Eric Therond
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: