Uploaded image for project: 'SonarKotlin'
  1. SonarKotlin
  2. SONARKT-6

Rule S5542 Encryption algorithms should be used with secure mode and padding scheme

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0
    • Component/s: None
    • Labels:

      Description

      New rule to implement

      Should raise when

      • the full transformation (algo/mode/padding) is not specified, because in this case the default mode is ECB which is unsecure:
        val c1 = Cipher.getInstance("AES") // Noncompliant: by default ECB mode is chosen
        
      • when the mode (second part of the transformation) is equals to ECB and the algo (first part) is not equals to RSA:
        val c2 = Cipher.getInstance("AES/ECB/NoPadding") // Noncompliant: ECB doesn't provide serious message confidentiality
        val c2 = Cipher.getInstance("RSA/ECB/OAEP") // Compliant
        
      • when the algo (first part of the transformation) is equals to RSA and the padding (last part) doesn't start by OAEP:
        val c3 = Cipher.getInstance("RSA/NONE/NoPadding") // Noncompliant: RSA without OAEP padding scheme is not recommanded
        

      Code examples: https://github.com/SonarSource/security-expected-issues/pull/426

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              margarita.nedzelska Margarita Nedzelska
              Reporter:
              eric.therond Eric Therond (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: