rspec/rules/S5542/kotlin/rule.adoc


include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/java-cryptographic-extension.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/articles.adoc[]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards.adoc[]

* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements
* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

==== ECB

Use a secure cipher mode.

==== CBC

Use another cipher mode or disable padding.

==== RSA

Use a secure padding scheme.


=== Highlighting

javax.crypto.Cipher#Cipher.getInstance

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00
			`include::../summary.adoc[]`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::../rationale.adoc[]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::../impact.adoc[]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`// How to fix it section`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::how-to-fix-it/java-cryptographic-extension.adoc[]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`== Resources`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::../common/resources/docs.adoc[]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::../common/resources/articles.adoc[]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::../common/resources/presentations.adoc[]`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`include::../common/resources/standards.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
add mobile security standards, links and tags to mobile rules and add new CWEv4.4 entries (#112) 2021-06-10 10:04:10 +02:00			`* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements`
			`* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography`
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`==== ECB`

			`Use a secure cipher mode.`

			`==== CBC`

			`Use another cipher mode or disable padding.`

			`==== RSA`

			`Use a secure padding scheme.`


			`=== Highlighting`

			`javax.crypto.Cipher#Cipher.getInstance`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`