ajinabraham.njsscan.crypto.crypto_node.node_aes_ecb

Author: ajinabraham

AES in ECB mode is deterministic: identical plaintext blocks encrypt to identical ciphertext blocks under the same key, so it is not suitable for encrypting large amounts of repetitive data.

Definition

rules:
  - id: node_aes_ecb
    patterns:
      - pattern-either:
          - pattern: |
              $X.createCipheriv("=~/^aes-([0-9]+)-ecb$/i", ...)
          - pattern: |
              $X.createDecipheriv("=~/^aes-([0-9]+)-ecb$/i", ...)
    message: AES with ECB mode is deterministic in nature and not suitable for
      encrypting large amount of repetitive data.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a9
      cwe: cwe-327
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
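
An added example, not part of the rule or of the njsscan project: a call the rule's pattern matches (`createCipheriv` with `aes-128-ecb`) next to an AES-GCM replacement it does not match, with a block counter that shows the repetition ECB leaks. The sample plaintext, the function names and the `nonce || ciphertext || tag` layout are assumptions of this example.

```javascript
const crypto = require("node:crypto");

// Constructed sample input: four identical 16-byte blocks (repetitive data).
const SAMPLE = Buffer.alloc(64, "A");

// Flagged by node_aes_ecb: ECB takes no IV, so every block is encrypted
// independently under the key alone.
function encryptEcb(key, plaintext) {
  const cipher = crypto.createCipheriv("aes-128-ecb", key, null);
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}

// Not flagged: AES-GCM with a fresh random 96-bit nonce per message.
// Output layout (an assumption of this example): nonce || ciphertext || tag.
function encryptGcm(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-128-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, body, cipher.getAuthTag()]);
}

function decryptGcm(key, message) {
  const nonce = message.subarray(0, 12);
  const tag = message.subarray(message.length - 16);
  const body = message.subarray(12, message.length - 16);
  const decipher = crypto.createDecipheriv("aes-128-gcm", key, nonce);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified.
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Number of distinct 16-byte blocks in a buffer; repeated blocks in a
// ciphertext reveal repeated plaintext.
function distinctBlocks(buf) {
  const seen = new Set();
  for (let i = 0; i + 16 <= buf.length; i += 16) {
    seen.add(buf.subarray(i, i + 16).toString("hex"));
  }
  return seen.size;
}

const key = crypto.randomBytes(16);
const gcmBody = encryptGcm(key, SAMPLE).subarray(12, 76);
console.log("ECB distinct blocks:", distinctBlocks(encryptEcb(key, SAMPLE)));
console.log("GCM distinct blocks:", distinctBlocks(gcmBody));
```

The ECB output is 80 bytes (four data blocks plus one padding block) but contains only two distinct blocks, and encrypting the same input again yields the same bytes; the GCM body has four distinct blocks and changes on every call.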