Using SonarQube 8.2 with the latest SonarJava we get the following false positive “Use secure mode and padding scheme.” for this code: cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING"); The description o…
Encryption algorithms should be used with secure mode and padding scheme (java:S5542): private static final String algorithm = "AES"; private String transformation = algorithm + "/ECB/PKCS5Padding"; Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRY...
S5332: Using clear-text protocols is security-sensitive; S4036: Searching OS commands in PATH is security-sensitive; S2077: Formatting SQL queries is security-sensitive. Java analysis: The following Spring Java rules have been added: The following Spring Java rules have been improved: ...
Java static code analysis: Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code. Encryption algorithms should be used with secure mode and padding scheme (responsibility-trustworthy, security; Vulnerability)