2020-06-30 14:41:58 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
|
|
|
|
|
|
https://nodejs.org/api/crypto.html[crypto] built-in module:
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
crypto.createCipheriv("DES", key, iv); // Noncompliant: DES / 3DES is unsecure
|
|
|
|
|
crypto.createCipheriv("DES-EDE", key, ""); // Noncompliant: DES / 3DES is unsecure
|
|
|
|
|
crypto.createCipheriv("DES-EDE3", key, ""); // Noncompliant: DES / 3DES is unsecure
|
|
|
|
|
crypto.createCipheriv("RC2", key, iv); // Noncompliant: RC2 is vulnerable to a related-key attack
|
|
|
|
|
crypto.createCipheriv("RC4", key, "");// Noncompliant: RC4 is vulnerable to several attacks
|
|
|
|
|
crypto.createCipheriv("BF", key, iv);// Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
|
|
|
|
https://nodejs.org/api/crypto.html[crypto] built-in module:
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
crypto.createCipheriv("AES-256-GCM", key, iv);
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../see.adoc[]
|
2021-06-02 20:44:38 +02:00
|
|
|
|
2021-06-03 09:05:38 +02:00
|
|
|
ifdef::env-github,rspecator-view[]
|
2021-06-08 15:52:13 +02:00
|
|
|
'''
|
2021-06-02 20:44:38 +02:00
|
|
|
== Comments And Links
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
|
|
|
|
include::../comments-and-links.adoc[]
|
2021-06-03 09:05:38 +02:00
|
|
|
endif::env-github,rspecator-view[]
|
