ajinabraham.njsscan.crypto_node.node_weak_crypto

ajinabraham

Author

1,155

Download Count*

License

A weak or broken cryptographic algorithm was identified. Using these functions will introduce vulnerabilities or downgrade the security of your application.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: node_weak_crypto
    patterns:
      - pattern-either:
          - pattern: |
              $X.createCipher('des', ...)
    message: A weak or broken cryptographic algorithm was identified. Using these
      functions will introduce vulnerabilities or downgrade the security of your
      application.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a9
      cwe: cwe-327
      license: LGPL-3.0-or-later

Short Link: https://sg.run/jRGD