File tree Expand file tree Collapse file tree 3 files changed +143
-0
lines changed Expand file tree Collapse file tree 3 files changed +143
-0
lines changed Original file line number Diff line number Diff line change 1+ id : use-of-rc2-java
2+ language : java
3+ severity : warning
4+ message : >-
5+ Use of RC2 was detected. RC2 is vulnerable to related-key attacks, and
6+ is therefore considered non-compliant. Instead, use a strong, secure.
7+ note : >-
8+ [CWE-327] Use of a Broken or Risky Cryptographic Algorithm.
9+ [REFERENCES]
10+ - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
11+ - https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
12+ rule :
13+ any :
14+ - pattern : $CIPHER.getInstance("RC2")
15+ - pattern : $CIPHER.getInstance($R)
16+ inside :
17+ stopBy : end
18+ kind : program
19+ has :
20+ stopBy : end
21+ kind : local_variable_declaration
22+ has :
23+ stopBy : end
24+ kind : variable_declarator
25+ all :
26+ - has :
27+ stopBy : neighbor
28+ kind : identifier
29+ pattern : $R
30+ - has :
31+ stopBy : neighbor
32+ kind : string_literal
33+ regex : ^"RC2"$
34+
Original file line number Diff line number Diff line change 1+ id : use-of-rc2-java
2+ snapshots :
3+ ? |
4+ public void testRC2InMap() {
5+ Map<String, Cipher> cipherMap = new HashMap<>();
6+ cipherMap.put("RC2", Cipher.getInstance("RC2"));
7+ }
8+ : labels :
9+ - source : Cipher.getInstance("RC2")
10+ style : primary
11+ start : 99
12+ end : 124
13+ ? |
14+ public void testRC2InSwitch() {
15+ String algorithm = "RC2";
16+ switch (algorithm) {
17+ case "RC2" :
18+ try {
19+ Cipher.getInstance(algorithm);
20+ } catch (Exception e) {
21+ e.printStackTrace();
22+ }
23+ break;
24+ }
25+ }
26+ : labels :
27+ - source : Cipher.getInstance(algorithm)
28+ style : primary
29+ start : 109
30+ end : 138
31+ - source : algorithm
32+ style : secondary
33+ start : 39
34+ end : 48
35+ - source : ' "RC2"'
36+ style : secondary
37+ start : 51
38+ end : 56
39+ - source : algorithm = "RC2"
40+ style : secondary
41+ start : 39
42+ end : 56
43+ - source : String algorithm = "RC2";
44+ style : secondary
45+ start : 32
46+ end : 57
47+ - source : |
48+ public void testRC2InSwitch() {
49+ String algorithm = "RC2";
50+ switch (algorithm) {
51+ case "RC2":
52+ try {
53+ Cipher.getInstance(algorithm);
54+ } catch (Exception e) {
55+ e.printStackTrace();
56+ }
57+ break;
58+ }
59+ }
60+ style: secondary
61+ start: 0
62+ end: 216
63+ ? |
64+ useCipher(Cipher.getInstance("RC2"));
65+ Cipher.getInstance("RC2");
66+ : labels :
67+ - source : Cipher.getInstance("RC2")
68+ style : primary
69+ start : 10
70+ end : 35
Original file line number Diff line number Diff line change 1+ id : use-of-rc2-java
2+ valid :
3+ - |
4+ Cipher.getInstance("AES/CBC/PKCS7PADDING");
5+ invalid :
6+ - |
7+ useCipher(Cipher.getInstance("RC2"));
8+ Cipher.getInstance("RC2");
9+ |
10+ public void testRC2InSwitch() {
11+ String algorithm = "RC2";
12+ switch (algorithm) {
13+ case "RC2":
14+ try {
15+ Cipher.getInstance(algorithm);
16+ } catch (Exception e) {
17+ e.printStackTrace();
18+ }
19+ break;
20+ }
21+ }
22+ |
23+ public void testRC2InMap() {
24+ Map<String, Cipher> cipherMap = new HashMap<>();
25+ cipherMap.put("RC2", Cipher.getInstance("RC2"));
26+ }
27+ |
28+ public void testRC2InSwitch() {
29+ String algorithm = "RC2";
30+ switch (algorithm) {
31+ case "RC2":
32+ try {
33+ Cipher.getInstance(algorithm);
34+ } catch (Exception e) {
35+ e.printStackTrace();
36+ }
37+ break;
38+ }
39+ }
You can’t perform that action at this time.
0 commit comments