gitlab.find_sec_bugs.CIPHER_INTEGRITY-1
The selected cipher transformation provides confidentiality only: the ciphertext it produces is susceptible to alteration by an adversary, and the cipher gives the receiver no way to detect that the data has been tampered with. If an attacker can control the ciphertext (or, for CBC, the IV sent alongside it), it can be altered without detection.
Definition
rules:
- id: find_sec_bugs.CIPHER_INTEGRITY-1
  patterns:
  - pattern-inside: javax.crypto.Cipher.getInstance("...")
  - pattern-either:
    - pattern-regex: (/CBC/PKCS5Padding)
    - pattern-regex: (AES|DES(ede)?)(/ECB/*)
  - pattern-not-regex: .*/(CCM|CWC|OCB|EAX|GCM)/.*
  - pattern-not-regex: ^(RSA)/.*
  - pattern-not-regex: ^(ECIES)$
  message: >
    The ciphertext produced is susceptible to alteration by an adversary. This
    means that the cipher provides no way to detect that the data has been
    tampered with. If the ciphertext can be controlled by an attacker, it could
    be altered without detection.
  languages:
  - java
  severity: ERROR
  metadata:
    category: security
    cwe: "CWE-353: Missing Support for Integrity Check"
    technology:
    - java
    primary_identifier: find_sec_bugs.CIPHER_INTEGRITY-1
    secondary_identifiers:
    - name: Find Security Bugs-CIPHER_INTEGRITY
      type: find_sec_bugs_type
      value: CIPHER_INTEGRITY
    license: MIT
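The following program is an added example written for this page; it is not part of the Find Security Bugs or Semgrep rule sources. It shows the behaviour the rule is warning about: the transformation the rule flags (AES/CBC/PKCS5Padding) decrypts a tampered input to attacker-chosen plaintext with no error, while the AEAD transformation the rule's pattern-not-regex allows (AES/GCM/NoPadding) rejects the same edit with AEADBadTagException. The message text, byte offsets and class name are constructed for the demonstration. The flip used here is the standard CBC IV bit-flip: since the first plaintext block is D(C1) XOR IV, XORing a byte of the IV with (old ^ new) rewrites that byte of the recovered plaintext exactly.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

public class CipherIntegrityDemo {

    // Flagged by the rule: CBC with PKCS5 padding protects confidentiality only.
    static byte[] cbc(int mode, SecretKey key, byte[] iv, byte[] input) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(input);
    }

    // Not flagged: GCM is an AEAD mode; the 128-bit tag covers every ciphertext bit.
    static byte[] gcm(int mode, SecretKey key, byte[] nonce, byte[] input) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(input);
    }

    // XOR (from ^ to) into arr starting at offset: the classic bit-flip edit.
    // On a CBC IV this rewrites the first plaintext block byte-for-byte.
    static void flip(byte[] arr, int offset, String from, String to) {
        byte[] f = from.getBytes(StandardCharsets.US_ASCII);
        byte[] t = to.getBytes(StandardCharsets.US_ASCII);
        for (int i = 0; i < f.length; i++) {
            arr[offset + i] ^= (byte) (f[i] ^ t[i]);
        }
    }

    static SecretKey freshKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        // Constructed sample message: exactly one 16-byte block, "user" at byte 5.
        byte[] msg = "role=user;id=42;".getBytes(StandardCharsets.US_ASCII);

        // CBC: an attacker who can alter the IV/ciphertext rewrites the plaintext undetected.
        SecretKey cbcKey = freshKey();
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        byte[] ct = cbc(Cipher.ENCRYPT_MODE, cbcKey, iv, msg);

        byte[] tamperedIv = iv.clone();
        flip(tamperedIv, 5, "user", "root");
        byte[] pt = cbc(Cipher.DECRYPT_MODE, cbcKey, tamperedIv, ct);
        System.out.println("CBC decrypted tampered input to: "
                + new String(pt, StandardCharsets.US_ASCII));

        // GCM: the same edit applied to the ciphertext is rejected before any plaintext is released.
        SecretKey gcmKey = freshKey();
        byte[] nonce = new byte[12];
        rng.nextBytes(nonce);
        byte[] sealed = gcm(Cipher.ENCRYPT_MODE, gcmKey, nonce, msg);

        byte[] tampered = sealed.clone();
        flip(tampered, 5, "user", "root");
        try {
            gcm(Cipher.DECRYPT_MODE, gcmKey, nonce, tampered);
            System.out.println("GCM accepted tampered input (should not happen)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected tampered input: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac CipherIntegrityDemo.java && java CipherIntegrityDemo`. The CBC branch prints `role=root;id=42;` with no exception, because the padding on the untouched second block is still valid and nothing else checks the data; the GCM branch throws AEADBadTagException. Two points worth knowing when reading findings from this rule: the ECB regex requires a literal `/ECB`, so `Cipher.getInstance("AES")` with no mode string is not matched even though the SunJCE provider resolves it to AES/ECB/PKCS5Padding; and the CBC regex is anchored on `/CBC/PKCS5Padding`, so unauthenticated variants such as `AES/CBC/NoPadding` or `AES/CTR/NoPadding` are likewise not reported. Treat a clean scan as evidence about the transformation strings the regexes cover, not as proof that every cipher use is authenticated.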
Short Link: https://sg.run/O4Db