Uploaded image for project: 'SonarSwift'
  1. SonarSwift
  2. SONARSWIFT-381

Rule S2278: Neither DES (Data Encryption Standard) nor DESede (3DES) should be used

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0
    • Component/s: Rules
    • Labels:
      None

      Description

      This rule should raise an issue when:

      • ChilkatSoft: the CryptAlgorithm field of a CkoCrypt2() object is set to "3des" or "des": see Examples and Docs
      • IBM BlueCryptor : the algorithm parameter of the Cryptor object is set to .des or .tripleDes
      • "3DES" or "DES" are assigned to constant or enum value that contain "algorithm" in their name
      • as a safety net for usage of the Objective-C CommonCrypto library with Swift (it is possible, see thread): raise for identifiers kCCAlgorithmDES and kCCAlgorithm3DES (see wrapper)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              andrei.epure Andrei Epure
              Reporter:
              alexandre.gigleux Alexandre Gigleux
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: