Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Noncompliant Code Example

      crypto built-in module:

      const crypto = require('crypto');
      // Minimal callback so the asynchronous call below can run
      const callback = (err, publicKey, privateKey) => { if (err) throw err; };

      var { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
        modulusLength: 1024,  // Noncompliant
        publicKeyEncoding:  { type: 'spki', format: 'pem' },
        privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
      }); // Noncompliant: 1024 bits is too short for an RSA key pair

      crypto.generateKeyPair('ec', {
        namedCurve: 'secp112r2',
        publicKeyEncoding:  { type: 'spki', format: 'pem' },
        privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
      }, callback); // Noncompliant: secp112r2 curve doesn't provide enough security
      

      Compliant Solution

      crypto built-in module:

      const crypto = require('crypto');
      // Minimal callback so the asynchronous calls below can run
      const callback = (err, publicKey, privateKey) => { if (err) throw err; };

      crypto.generateKeyPair('rsa', {
        modulusLength: 2048,  // Compliant
        publicKeyEncoding:  { type: 'spki', format: 'pem' },
        privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
      }, callback); // Compliant

      crypto.generateKeyPair('ec', {
        namedCurve: 'secp224k1',
        publicKeyEncoding:  { type: 'spki', format: 'pem' },
        privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
      }, callback); // Compliant
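
The following is an added example, not part of the original rule text or SonarSource code: a guard that checks key-generation options before they reach Node's crypto module. The names `checkKeyOptions`, `curveBits` and `generateStrongKeyPairSync` are hypothetical, and the minimums (2048-bit RSA, 224-bit curves) are assumed from the compliant values shown above.

```javascript
// Added example, not SonarSource code. Minimums are assumed from the page's
// compliant values: RSA modulus >= 2048 bits, EC curve >= 224 bits.
const crypto = require('crypto');

const MIN_RSA_BITS = 2048;
const MIN_EC_BITS = 224;

// Heuristic (assumption): standard curve names embed the field size as a
// three-digit number, e.g. secp112r2 -> 112, prime256v1 -> 256.
function curveBits(namedCurve) {
  const m = /(\d{3})/.exec(String(namedCurve));
  return m ? Number(m[1]) : null;
}

// Returns a list of problems; an empty list means the options pass.
function checkKeyOptions(type, options = {}) {
  const problems = [];
  if (type === 'rsa') {
    const bits = options.modulusLength;
    if (!Number.isInteger(bits) || bits < MIN_RSA_BITS) {
      problems.push(`rsa modulusLength ${bits} is below ${MIN_RSA_BITS}`);
    }
  } else if (type === 'ec') {
    const bits = curveBits(options.namedCurve);
    if (bits === null) {
      // Fail closed: a curve whose size cannot be determined is rejected.
      problems.push(`ec curve ${options.namedCurve} has unknown size`);
    } else if (bits < MIN_EC_BITS) {
      problems.push(`ec curve ${options.namedCurve} (${bits} bits) is below ${MIN_EC_BITS}`);
    }
  } else {
    problems.push(`key type ${type} is not covered by this check`);
  }
  return problems;
}

// Hypothetical drop-in wrapper: validates first, then delegates to Node.
function generateStrongKeyPairSync(type, options) {
  const problems = checkKeyOptions(type, options);
  if (problems.length > 0) {
    throw new Error('weak key parameters: ' + problems.join('; '));
  }
  return crypto.generateKeyPairSync(type, options);
}
```

Curves whose names carry no three-digit size are rejected rather than guessed at, so the guard can refuse a strong but unusually named curve.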
      

            People

            • Assignee:
              Unassigned
              Reporter:
              eric.therond Eric Therond