rspec/rules/S2277/java/rule.adoc

Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue as soon as a literal value starts with ``++RSA/NONE++``. 

== Noncompliant Code Example

----
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
----

== Compliant Solution

----
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue as soon as a literal value starts with ``++RSA/NONE++``.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
			`== Noncompliant Code Example`

			`----`
			`Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");`
			`----`

			`== Compliant Solution`

			`----`
			`Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");`
			`----`

			`include::../see.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`