ajinabraham.njsscan.crypto_node.node_aes_ecb

Author
1,155
Download Count*
License
AES with ECB mode is deterministic in nature and not suitable for encrypting large amount of repetitive data.
Run Locally
Run in CI
Defintion
rules:
- id: node_aes_ecb
patterns:
- pattern-either:
- pattern: |
$X.createCipheriv("=~/^aes-([0-9]+)-ecb$/i", ...)
- pattern: |
$X.createDecipheriv("=~/^aes-([0-9]+)-ecb$/i", ...)
message: AES with ECB mode is deterministic in nature and not suitable for
encrypting large amount of repetitive data.
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a9
cwe: cwe-327
license: LGPL-3.0-or-later
Short Link: https://sg.run/2x38