gitlab.find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1

Implementing a custom MessageDigest is error-prone. The National Institute of Standards and Technology (NIST) recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.

Definition

rules:
  - id: find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1
    patterns:
      - pattern: |
          class $CLAZZ extends java.security.MessageDigest {
            ...
          }
    message: >
      Implementing a custom MessageDigest is error-prone. National Institute of
      Standards and Technology (NIST) recommends the use of SHA-224, SHA-256,
      SHA-384, SHA-512, SHA-512/224, or SHA-512/256.
    languages:
      - java
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      technology:
        - java
      primary_identifier: find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1
      secondary_identifiers:
        - name: Find Security Bugs-CUSTOM_MESSAGE_DIGEST
          type: find_sec_bugs_type
          value: CUSTOM_MESSAGE_DIGEST
      license: MIT
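As an added illustration (not part of the rule's documentation or of Find Security Bugs), the shape of class the pattern above matches, next to the replacement the message recommends. The class ToyXorDigest, the sha256Hex helper and the sample input are all constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class DigestExample {

    // Matched by find_sec_bugs.CUSTOM_MESSAGE_DIGEST-1: the class extends
    // java.security.MessageDigest. The "algorithm" is a constructed toy
    // (a running XOR over the input bytes) with no collision resistance;
    // it exists only to show what the Semgrep pattern flags.
    static final class ToyXorDigest extends MessageDigest {
        private byte state;

        ToyXorDigest() { super("TOY-XOR"); }

        @Override protected void engineUpdate(byte input) { state ^= input; }

        @Override protected void engineUpdate(byte[] input, int offset, int len) {
            for (int i = offset; i < offset + len; i++) state ^= input[i];
        }

        @Override protected byte[] engineDigest() {
            byte[] out = { state };
            engineReset(); // MessageDigest leaves resetting to the implementor
            return out;
        }

        @Override protected void engineReset() { state = 0; }
    }

    // Recommended form: request a NIST-approved algorithm from the JCA
    // provider instead of subclassing MessageDigest. "SHA-256" is a standard
    // algorithm name every JDK ships.
    static String sha256Hex(String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] hash = md.digest(input.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(hash); // HexFormat requires Java 17+
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] a = "ab".getBytes(StandardCharsets.UTF_8);
        byte[] b = "ba".getBytes(StandardCharsets.UTF_8);
        // XOR is commutative, so any permutation of the same bytes collides.
        System.out.println(new ToyXorDigest().digest(a)[0] == new ToyXorDigest().digest(b)[0]);
        System.out.println(sha256Hex("constructed sample input"));
    }
}
```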