rspec/rules/S2087/comments-and-links.adoc


=== Related: RSPEC-4787
=== On 2014-10-02T15:37:17Z Ann Campbell Wrote:
\[~nicolas.peru] I've mapped this to find-sec-bugs:RSA_KEY_SIZE but the CWE page talks mainly about Base64 encoding. Is a key size check doable?
=== On 2014-10-08T08:34:54Z Nicolas Peru Wrote:
RSA_KEY_SIZE checks the ``++KeyPairGenerator++`` class and the calls to ``++getInstance++`` and ``++initialize++`` methods.
Those are a little bit different as Base64 is not an encryption mechanism whereas the other is correct but weak.
We can still squash them into one rule though.
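
The kind of check discussed in this thread, as an added sketch that is not part of the original comments and is not the find-sec-bugs or rule implementation: it follows a variable from ``++KeyPairGenerator.getInstance++`` to its ``++initialize++`` call in Java source text and reports RSA sizes under a minimum. The 2048-bit minimum, the function name and the sample Java lines are assumptions made for this example; only integer-literal sizes are handled.

```python
import re

MIN_RSA_BITS = 2048  # assumed threshold for this sketch; the thread states none

# <var> = KeyPairGenerator.getInstance("<algorithm>" ...
GET_INSTANCE = re.compile(
    r'(\w+)\s*=\s*KeyPairGenerator\s*\.\s*getInstance\s*\(\s*"([^"]+)"')
# <var>.initialize(<integer literal> ...
INITIALIZE = re.compile(r'(\w+)\s*\.\s*initialize\s*\(\s*(\d+)\s*[,)]')


def find_short_rsa_keys(java_source, min_bits=MIN_RSA_BITS):
    """Return (line_number, variable, bits) for each short RSA initialize()."""
    algorithms = {}  # variable name -> algorithm passed to getInstance()
    findings = []
    for lineno, line in enumerate(java_source.splitlines(), start=1):
        for var, algorithm in GET_INSTANCE.findall(line):
            algorithms[var] = algorithm.upper()
        for var, bits in INITIALIZE.findall(line):
            # Only generators known to be RSA are judged by modulus size;
            # an EC generator initialised with 256 is a different question.
            if algorithms.get(var) == "RSA" and int(bits) < min_bits:
                findings.append((lineno, var, int(bits)))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE_JAVA = '''\
KeyPairGenerator weak = KeyPairGenerator.getInstance("RSA");
weak.initialize(512);
KeyPairGenerator ok = KeyPairGenerator.getInstance("RSA");
ok.initialize(2048);
KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
ec.initialize(256);
String token = Base64.getEncoder().encodeToString(secret);
'''

if __name__ == "__main__":
    for lineno, var, bits in find_short_rsa_keys(SAMPLE_JAVA):
        print(f"line {lineno}: {var}.initialize({bits}) "
              f"is below {MIN_RSA_BITS} bits")
```

The Base64 line in the sample produces no finding: a key-size check has nothing to inspect there, which is why it would need separate detection logic even if both are reported under one rule.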