gitlab.find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1


Hazelcast network communication is configured to use a symmetric cipher (probably DES or Blowfish). Those ciphers alone do not provide integrity or secure authentication. The use of asymmetric encryption is preferred.

Definition

rules:
  - id: find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1
    patterns:
      - pattern: new com.hazelcast.config.SymmetricEncryptionConfig()
    message: >
      The network communications for Hazelcast is configured to use a symmetric
      cipher (probably DES or Blowfish). Those ciphers alone do not provide
      integrity or secure authentication. The use of asymmetric encryption is
      preferred.
    languages:
      - java
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-326: Inadequate Encryption Strength"
      technology:
        - java
      primary_identifier: find_sec_bugs.HAZELCAST_SYMMETRIC_ENCRYPTION-1
      secondary_identifiers:
        - name: Find Security Bugs-HAZELCAST_SYMMETRIC_ENCRYPTION
          type: find_sec_bugs_type
          value: HAZELCAST_SYMMETRIC_ENCRYPTION
      license: MIT
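
The code this rule flags, next to one replacement that satisfies its message, as an added example that is not part of the rule or of Hazelcast's own code. It assumes a Hazelcast release that still ships `SymmetricEncryptionConfig` and the Enterprise `BasicSSLContextFactory`, that TLS is the chosen form of asymmetric protection, and that secrets arrive through the hypothetical environment variables named in the code.

```java
import com.hazelcast.config.Config;
import com.hazelcast.config.SSLConfig;
import com.hazelcast.config.SymmetricEncryptionConfig;

public class HazelcastTransportConfig {

    // Hypothetical helper: fail fast when a secret or path is not provided.
    static String required(String envName) {
        String value = System.getenv(envName);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + envName);
        }
        return value;
    }

    // Flagged: the constructor call is exactly what the rule's pattern matches.
    static Config flagged() {
        SymmetricEncryptionConfig sym = new SymmetricEncryptionConfig(); // rule fires here
        sym.setEnabled(true);
        sym.setAlgorithm("Blowfish");
        // One shared password and salt on every member: confidentiality only,
        // with no integrity check and no per-member identity.
        sym.setPassword(required("HZ_SYM_PASSWORD"));
        sym.setSalt(required("HZ_SYM_SALT"));
        Config config = new Config();
        config.getNetworkConfig().setSymmetricEncryptionConfig(sym);
        return config;
    }

    // Not flagged: TLS between members, with certificates proving member identity.
    static Config preferred() {
        SSLConfig ssl = new SSLConfig();
        ssl.setEnabled(true);
        ssl.setFactoryClassName("com.hazelcast.nio.ssl.BasicSSLContextFactory");
        ssl.setProperty("protocol", "TLSv1.2");
        ssl.setProperty("keyStore", required("HZ_KEYSTORE_PATH"));
        ssl.setProperty("keyStorePassword", required("HZ_KEYSTORE_PASSWORD"));
        ssl.setProperty("trustStore", required("HZ_TRUSTSTORE_PATH"));
        ssl.setProperty("trustStorePassword", required("HZ_TRUSTSTORE_PASSWORD"));
        ssl.setProperty("mutualAuthentication", "REQUIRED"); // both peers present a certificate
        Config config = new Config();
        config.getNetworkConfig().setSSLConfig(ssl);
        return config;
    }

    public static void main(String[] args) {
        System.out.println("TLS enabled: " + preferred().getNetworkConfig().getSSLConfig().isEnabled());
    }
}
```

Because the pattern matches only the Java constructor call, a cluster that enables symmetric encryption through declarative configuration is outside what this rule inspects.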