16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
MessageDigest md1 = MessageDigest.getInstance("SHA"); // Sensitive: SHA is not a standard name, for most security providers it's an alias of SHA-1
|
|
MessageDigest md2 = MessageDigest.getInstance("SHA1"); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,java]
|
|
----
|
|
MessageDigest md1 = MessageDigest.getInstance("SHA-512"); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 14 Sep 2018, 19:06:56 Nicolas Harraudeau wrote:
|
|
The goal is to highlight code that initiates a hashing process. The Hash functions can be used by many different classes and it would be too complicated to list them all. Thus we detect the requests for hashing functions themselves, or the shortcut functions which hash without asking for a hash function (ex: ``++org.apache.commons.codec.digest.DigestUtils.sha1(data)++``).
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|