gitlab.find_sec_bugs.TDES_USAGE-1

Triple DES (also known as 3DES or DESede) is not considered a strong cipher for modern applications. NIST recommends the usage of AES block ciphers instead of 3DES.

Definition

rules:
  - id: find_sec_bugs.TDES_USAGE-1
    patterns:
      - pattern-inside: javax.crypto.Cipher.getInstance("$ALG")
      - metavariable-regex:
          metavariable: $ALG
          regex: ^(DESede)/.*
    message: >
      Triple DES (also known as 3DES or DESede) is not considered a strong cipher
      for modern applications. NIST recommends the usage of AES block ciphers
      instead of 3DES.
    languages:
      - java
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-326: Inadequate Encryption Strength"
      technology:
        - java
      primary_identifier: find_sec_bugs.TDES_USAGE-1
      secondary_identifiers:
        - name: Find Security Bugs-TDES_USAGE
          type: find_sec_bugs_type
          value: TDES_USAGE
      license: MIT