ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2277/php/rule.adoc

32 lines
889 B
Plaintext
Raw Normal View History

make in-line code blocks verbatim
2021-01-27 13:42:22 +01:00
Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue when ``++openssl_public_encrypt++`` is used with one the following padding constants: ``++OPENSSL_NO_PADDING++`` or ``++OPENSSL_PKCS1_PADDING++`` or ``++OPENSSL_SSLV23_PADDING++``.
Add rules 2000-2999
2020-06-30 12:48:07 +02:00
== Noncompliant Code Example
----
function encrypt($data, $key) {
$crypted='';
openssl_public_encrypt($data, $crypted, $key, OPENSSL_NO_PADDING); // Noncompliant
return $crypted;
}
----
== Compliant Solution
----
function encrypt($data, $key) {
$crypted='';
openssl_public_encrypt($data, $crypted, $key, OPENSSL_PKCS1_OAEP_PADDING);
return $crypted;
}
----
include::../see.adoc[]
Export comments and rspec-to-rspec links from jira
2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction
2021-06-03 09:05:38 +02:00
ifdef::env-github,rspecator-view[]
RULEAPI-576: add a horizontal rule between rule description and comments
2021-06-08 15:52:13 +02:00
'''
Export comments and rspec-to-rspec links from jira
2021-06-02 20:44:38 +02:00
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
Fix the comment display: rule-id, timestamp, GH visibility, link direction
2021-06-03 09:05:38 +02:00
endif::env-github,rspecator-view[]
Reference in New Issue Copy Permalink