File tree 3 files changed +155
-0
lines changed
3 files changed +155
-0
lines changed Original file line number Diff line number Diff line change 1+ id : desede-is-deprecated-kotlin
2+ language : kotlin
3+ severity : warning
4+ message : >-
5+ Triple DES (3DES or DESede) is considered deprecated. AES is the recommended cipher. Upgrade to use AES.
6+ note : >-
7+ [CWE-326]: Inadequate Encryption Strength
8+ [OWASP A03:2017]: Sensitive Data Exposure
9+ [OWASP A02:2021]: Cryptographic Failures
10+ [REFERENCES]
11+ - https://find-sec-bugs.github.io/bugs.htm#TDES_USAGE
12+ - https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
13+ utils :
14+ match_call_expression :
15+ kind : call_expression
16+ all :
17+ - has :
18+ kind : navigation_expression
19+ - has :
20+ stopBy : end
21+ kind : call_suffix
22+ all :
23+ - has :
24+ stopBy : end
25+ kind : value_arguments
26+ - has :
27+ stopBy : end
28+ kind : value_argument
29+ has :
30+ stopBy : end
31+ kind : string_literal
32+ regex : ' DESede'
33+ inside :
34+ kind : infix_expression
35+ precedes :
36+ kind : call_expression
37+ match_key_generator :
38+ kind : call_expression
39+ all :
40+ - has :
41+ kind : navigation_expression
42+ all :
43+ - has :
44+ kind : navigation_expression
45+ - has :
46+ stopBy : end
47+ kind : navigation_suffix
48+ has :
49+ stopBy : end
50+ kind : simple_identifier
51+ regex : ' ^KeyGenerator$'
52+ - has :
53+ stopBy : end
54+ kind : call_suffix
55+ all :
56+ - has :
57+ stopBy : end
58+ kind : value_arguments
59+ - has :
60+ stopBy : end
61+ kind : value_argument
62+ has :
63+ stopBy : end
64+ kind : string_literal
65+ regex : ' DES'
66+ rule :
67+ any :
68+ - matches : match_call_expression
69+ - matches : match_key_generator
Original file line number Diff line number Diff line change 1+ id : desede-is-deprecated-kotlin
2+ snapshots :
3+ ? |
4+ Cipher c = Cipher.getInstance("kDESede/ECB/PKCS5Padding");
5+ c.init(Cipher.ENCRYPT_MODE, k, iv);
6+ : labels :
7+ - source : Cipher.getInstance("kDESede/ECB/PKCS5Padding")
8+ style : primary
9+ start : 11
10+ end : 57
11+ - source : Cipher.getInstance
12+ style : secondary
13+ start : 11
14+ end : 29
15+ - source : ("kDESede/ECB/PKCS5Padding")
16+ style : secondary
17+ start : 29
18+ end : 57
19+ - source : ' "kDESede/ECB/PKCS5Padding"'
20+ style : secondary
21+ start : 30
22+ end : 56
23+ - source : ' "kDESede/ECB/PKCS5Padding"'
24+ style : secondary
25+ start : 30
26+ end : 56
27+ - source : ("kDESede/ECB/PKCS5Padding")
28+ style : secondary
29+ start : 29
30+ end : 57
31+ - source : c.init(Cipher.ENCRYPT_MODE, k, iv)
32+ style : secondary
33+ start : 59
34+ end : 93
35+ - source : Cipher c = Cipher.getInstance("kDESede/ECB/PKCS5Padding")
36+ style : secondary
37+ start : 0
38+ end : 57
39+ ? "javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance(\"DES\").generateKey(); \n"
40+ : labels :
41+ - source : javax.crypto.KeyGenerator.getInstance("DES")
42+ style : primary
43+ start : 29
44+ end : 73
45+ - source : javax.crypto.KeyGenerator
46+ style : secondary
47+ start : 29
48+ end : 54
49+ - source : KeyGenerator
50+ style : secondary
51+ start : 42
52+ end : 54
53+ - source : .KeyGenerator
54+ style : secondary
55+ start : 41
56+ end : 54
57+ - source : javax.crypto.KeyGenerator.getInstance
58+ style : secondary
59+ start : 29
60+ end : 66
61+ - source : ("DES")
62+ style : secondary
63+ start : 66
64+ end : 73
65+ - source : ' "DES"'
66+ style : secondary
67+ start : 67
68+ end : 72
69+ - source : ' "DES"'
70+ style : secondary
71+ start : 67
72+ end : 72
73+ - source : ("DES")
74+ style : secondary
75+ start : 66
76+ end : 73
Original file line number Diff line number Diff line change 1+ id : desede-is-deprecated-kotlin
2+ valid :
3+ - |
4+ Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
5+ invalid :
6+ - |
7+ Cipher c = Cipher.getInstance("kDESede/ECB/PKCS5Padding");
8+ c.init(Cipher.ENCRYPT_MODE, k, iv);
9+ |
10+ javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey();
You can’t perform that action at this time.
0 commit comments