gitlab.find_sec_bugs.DES_USAGE-1

unknown

Download Count*

License

DES is considered strong ciphers for modern applications. Currently, NIST recommends the usage of AES block ciphers instead of DES.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: find_sec_bugs.DES_USAGE-1
    patterns:
      - pattern-inside: javax.crypto.Cipher.getInstance("$ALG")
      - metavariable-regex:
          metavariable: $ALG
          regex: ^(DES)/.*
    message: >
      DES is considered strong ciphers for modern applications. Currently, NIST
      recommends the usage

      of AES block ciphers instead of DES.
    languages:
      - java
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-326: Inadequate Encryption Strength"
      technology:
        - java
      primary_identifier: find_sec_bugs.DES_USAGE-1
      secondary_identifiers:
        - name: Find Security Bugs-DES_USAGE
          type: find_sec_bugs_type
          value: DES_USAGE
      license: MIT

Short Link: https://sg.run/kDnz