hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Only recommend GCM, and tighten wording

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-01-07 16:55:10 +00:00
parent 5351f5b69d
commit 5959a736ac
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/security/Encryption.qll
View File

@@ -219,11 +219,11 @@ predicate insecureAlgorithm(string name, string reason) {
or
name = "ECB" and
reason =
"Encryption mode ECB, as in AES/ECB/NoPadding for example, is vulnerable to replay and other attacks. Consider using a different encryption mode, like CBC or GCM, instead."
"ECB mode, as in AES/ECB/NoPadding for example, is vulnerable to replay and other attacks. Consider using GCM instead."
or
name = "AES/CBC/PKCS[57]Padding" and
reason =
"CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using GCM encryption mode instead."
"CBC mode with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using GCM instead."
}
/**