rspec/rules/S4432/java/rule.adoc

== Why is this an issue?

The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secured:

* Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
* Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.

In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.


This rule raises an issue when a ``++Cipher++`` instance is created with either ECB or CBC/PKCS5Padding mode.

=== Noncompliant code example

[source,java]
----
Cipher c1 = Cipher.getInstance("AES/ECB/NoPadding"); // Noncompliant
Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Noncompliant
----

=== Compliant solution

[source,java]
----
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
----

== Resources

* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[Recommendation for Block Cipher Modes of Operation]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#ECB_MODE[ECB_MODE]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE[PADDING_ORACLE]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Use Galois/Counter Mode (GCM/NoPadding) instead.


=== Highlighting

Cipher.getInstance() call


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secured:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`* Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.`
			`* Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.`

			`In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.`

Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			This rule raises an issue when a ``++Cipher++`` instance is created with either ECB or CBC/PKCS5Padding mode.
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`----`
			`Cipher c1 = Cipher.getInstance("AES/ECB/NoPadding"); // Noncompliant`
			`Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Noncompliant`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`----`
			`Cipher c = Cipher.getInstance("AES/GCM/NoPadding");`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes 2024-01-15 17:15:56 +01:00			`* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]`
			`* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00			`* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms`
			`* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[Recommendation for Block Cipher Modes of Operation]`
			`* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#ECB_MODE[ECB_MODE]`
			`* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE[PADDING_ORACLE]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Use Galois/Counter Mode (GCM/NoPadding) instead.`


			`=== Highlighting`

			`Cipher.getInstance() call`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`