gitlab.flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1

137

Download Count*

MIT

License

Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1
    languages:
      - c
    message: >
      Use a different patent-free encryption algorithm with a larger keysize,
      such as 3DES or AES.
    metadata:
      cwe: "CWE-327: These keysizes are too small given today's computers (CWE-327)"
      primary_identifier: flawfinder.EVP_rc4_40-1.EVP_rc2_40_cbc-1.EVP_rc2_64_cbc-1
      secondary_identifiers:
        - name: Flawfinder - EVP_rc4_40
          type: flawfinder_func_name
          value: EVP_rc4_40
        - name: Flawfinder - EVP_rc2_40_cbc
          type: flawfinder_func_name
          value: EVP_rc2_40_cbc
        - name: Flawfinder - EVP_rc2_64_cbc
          type: flawfinder_func_name
          value: EVP_rc2_64_cbc
      license: MIT
    pattern-either:
      - pattern: EVP_rc4_40(...)
      - pattern: EVP_rc2_40_cbc(...)
      - pattern: EVP_rc2_64_cbc(...)
    severity: ERROR

Short Link: https://sg.run/YXxW