rsa-padding-set-scala

ESS-ENN · ESS-ENN · commit c799d8fdce78 · 2024-12-05T18:07:05.000+05:30
diff --git a/rules/scala/security/rsa-padding-set-scala.yml b/rules/scala/security/rsa-padding-set-scala.yml
@@ -0,0 +1,17 @@
+id: rsa-padding-set-scala
+language: scala
+severity: warning
+message: >-
+  Usage of RSA without OAEP (Optimal Asymmetric Encryption Padding) may
+      weaken encryption. This could lead to sensitive data exposure. Instead,
+      use RSA with `OAEPWithMD5AndMGF1Padding` instead.
+note: >-
+  [CWE-780] Use of RSA Algorithm without OAEP
+  [REFERENCES]
+      - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
+rule:
+  any:
+  - pattern: $CIPHER.getInstance($MODE)
+constraints:
+  MODE:
+    regex: '.*RSA/.*/NoPadding.*'
diff --git a/tests/__snapshots__/rsa-padding-set-scala-snapshot.yml b/tests/__snapshots__/rsa-padding-set-scala-snapshot.yml
@@ -0,0 +1,8 @@
+id: rsa-padding-set-scala
+snapshots:
+  Cipher.getInstance("RSA/ECB/NoPadding"):
+    labels:
+    - source: Cipher.getInstance("RSA/ECB/NoPadding")
+      style: primary
+      start: 0
+      end: 39
diff --git a/tests/scala/rsa-padding-set-scala-test.yml b/tests/scala/rsa-padding-set-scala-test.yml
@@ -0,0 +1,9 @@
+id: rsa-padding-set-scala
+valid:
+  - |
+    Cipher.getInstance("AES/CBC/PKCS5Padding");
+    Cipher.getInstance("DES/ECB/PKCS5Padding");
+    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+invalid:
+  - |
+    Cipher.getInstance("RSA/ECB/NoPadding")
