Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue as soon as a literal value starts with ``++RSA/NONE++``. 

== Noncompliant Code Example

----
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
----

== Compliant Solution

----
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
----

include::../see.adoc[]