gitlab.find_sec_bugs.NULL_CIPHER-1
The NullCipher implements the Cipher interface by returning ciphertext identical to the supplied plaintext. In a few contexts, such as testing, a NullCipher may be appropriate. Avoid using the NullCipher. Its accidental use can introduce a significant confidentiality risk.
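The behaviour the rule warns about, shown next to a real cipher. This is an added example, not code from the rule or its authors; the class name `NullCipherDemo`, the sample plaintext and the choice of AES-GCM as the replacement are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NullCipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class NullCipherDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample data and a freshly generated AES key.
        byte[] plaintext = "account=1234;pin=0000".getBytes(StandardCharsets.UTF_8);
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(256);
        SecretKey key = keyGen.generateKey();

        // Flagged by the rule: NullCipher accepts the key without complaint
        // but applies no transformation, so the "ciphertext" is the plaintext.
        Cipher nullCipher = new NullCipher();
        nullCipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] notEncrypted = nullCipher.doFinal(plaintext);
        System.out.println("NullCipher output equals plaintext: "
                + Arrays.equals(plaintext, notEncrypted));

        // Replacement: authenticated encryption with a random 96-bit IV.
        // The IV must be unique per message under the same key and is
        // stored or sent alongside the ciphertext.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aesGcm = Cipher.getInstance("AES/GCM/NoPadding");
        aesGcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aesGcm.doFinal(plaintext);
        System.out.println("AES-GCM output equals plaintext: "
                + Arrays.equals(plaintext, ciphertext));

        // Round trip: decryption also verifies the 128-bit authentication tag.
        Cipher decryptor = Cipher.getInstance("AES/GCM/NoPadding");
        decryptor.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] recovered = decryptor.doFinal(ciphertext);
        System.out.println("AES-GCM round trip recovers plaintext: "
                + Arrays.equals(plaintext, recovered));
    }
}
```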
Definition
rules:
- id: find_sec_bugs.NULL_CIPHER-1
  pattern: new javax.crypto.NullCipher()
  message: >
    The NullCipher implements the Cipher interface by returning ciphertext
    identical to the
    supplied plaintext. In a few contexts, such as testing, a NullCipher may be appropriate. Avoid
    using the NullCipher. Its accidental use can introduce a significant confidentiality risk.
  languages:
  - java
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    technology:
    - java
    primary_identifier: find_sec_bugs.NULL_CIPHER-1
    secondary_identifiers:
    - name: Find Security Bugs-NULL_CIPHER
      type: find_sec_bugs_type
      value: NULL_CIPHER
    license: MIT
Short Link: https://sg.run/EzLo