rspec/rules/S4790/java/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
MessageDigest md1 = MessageDigest.getInstance("SHA");  // Sensitive:  SHA is not a standard name, for most security providers it's an alias of SHA-1
MessageDigest md2 = MessageDigest.getInstance("SHA1");  // Sensitive
----

== Compliant Solution

[source,java]
----
MessageDigest md1 = MessageDigest.getInstance("SHA-512"); // Compliant
----

include::../see-mobile.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 14 Sep 2018, 19:06:56 Nicolas Harraudeau wrote:
The goal is to highlight code that initiates a hashing process. The Hash functions can be used by many different classes and it would be too complicated to list them all. Thus we detect the requests for hashing functions themselves, or the shortcut functions which hash without asking for a hash function (ex: ``++org.apache.commons.codec.digest.DigestUtils.sha1(data)++``).

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`----`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`MessageDigest md1 = MessageDigest.getInstance("SHA"); // Sensitive: SHA is not a standard name, for most security providers it's an alias of SHA-1`
			`MessageDigest md2 = MessageDigest.getInstance("SHA1"); // Sensitive`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`----`

			`== Compliant Solution`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`----`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`MessageDigest md1 = MessageDigest.getInstance("SHA-512"); // Compliant`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`----`

Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) (#4660) 2025-02-19 17:19:00 +01:00			`include::../see-mobile.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`include::../highlighting.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== on 14 Sep 2018, 19:06:56 Nicolas Harraudeau wrote:`
			The goal is to highlight code that initiates a hashing process. The Hash functions can be used by many different classes and it would be too complicated to list them all. Thus we detect the requests for hashing functions themselves, or the shortcut functions which hash without asking for a hash function (ex: ``++org.apache.commons.codec.digest.DigestUtils.sha1(data)++``).

			`include::../comments-and-links.adoc[]`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`