このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: java-security/aes-ecb-insecure
Language: Java
Severity: Error
Category: Security
CWE: 326
Description
Electronic Code Book (ECB) is insecure. Datadog recommends using other mechanisms.
Learn More
Non-Compliant Code Examples
class MyClass {
public void test1() {
Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
public void test2() {
Cipher c = javax.crypto.Cipher.getInstance("AES/ECB/NoPadding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
}
Compliant Code Examples
class MyClass {
public void test() {
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
}
Seamless integrations. Try Datadog Code Analysis
