gitlab.find_sec_bugs.RSA_NO_PADDING-1

The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

Definition

rules:
  - id: find_sec_bugs.RSA_NO_PADDING-1
    patterns:
      - pattern: javax.crypto.Cipher.getInstance($ALG,...);
      - metavariable-regex:
          metavariable: $ALG
          regex: .*NoPadding.*
    message: >
      The software uses the RSA algorithm but does not incorporate Optimal
      Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
    metadata:
      cwe: "CWE-780: Use of RSA Algorithm without OAEP"
      primary_identifier: find_sec_bugs.RSA_NO_PADDING-1
      secondary_identifiers:
        - name: Find Security Bugs-RSA_NO_PADDING
          type: find_sec_bugs_type
          value: RSA_NO_PADDING
      license: MIT
    severity: WARNING
    languages:
      - java
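As an added illustration, not code from the rule page or from the Find Security Bugs project, the following Java class places the transformation the pattern above flags next to the OAEP form that remediates it; the class, method names and sample plaintext are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaPaddingExample {
    // Flagged by the rule: "NoPadding" is textbook RSA. It is deterministic and
    // malleable, so equal plaintexts always give equal ciphertexts.
    static byte[] encryptTextbookRsa(KeyPair kp, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        return c.doFinal(msg);
    }

    // Remediation: OAEP. The digest and MGF1 digest are set explicitly because
    // some providers default MGF1 to SHA-1 even for the SHA-256 transformation.
    static Cipher oaepCipher(int mode, Key key) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        OAEPParameterSpec spec = new OAEPParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        c.init(mode, key, spec);
        return c;
    }

    static byte[] encryptOaep(KeyPair kp, byte[] msg) throws Exception {
        return oaepCipher(Cipher.ENCRYPT_MODE, kp.getPublic()).doFinal(msg);
    }
    static byte[] decryptOaep(KeyPair kp, byte[] ct) throws Exception {
        return oaepCipher(Cipher.DECRYPT_MODE, kp.getPrivate()).doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample input; shorter than the modulus, so NoPadding accepts it.
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);

        // Textbook RSA: two encryptions of the same message are byte-for-byte identical.
        boolean noPadSame = Arrays.equals(encryptTextbookRsa(kp, msg), encryptTextbookRsa(kp, msg));
        // OAEP: fresh randomness each call, so the ciphertexts differ but still round-trip.
        byte[] ct = encryptOaep(kp, msg);
        boolean oaepSame = Arrays.equals(ct, encryptOaep(kp, msg));
        System.out.println("NoPadding deterministic: " + noPadSame + ", OAEP deterministic: " + oaepSame);
        System.out.println("OAEP round-trip ok: " + Arrays.equals(msg, decryptOaep(kp, ct)));
    }
}
```

Because the rule's regex is `.*NoPadding.*` applied to the first argument of `Cipher.getInstance`, it also fires on symmetric transformations such as AES/CBC/NoPadding; those findings are a different concern from CWE-780 and need to be triaged separately.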