Recipe Name:
Data Protection: Secure Data Storage: Avoid Data Exposure: Do not use NoOpPasswordEncoder
Description:
Could lead to data exposure
Level:
error
Language:
  • java
Tags:
  • Spring
  • security
  • framework specific
  • Spring Security
Documentation

Passwords should be hashed using strong algorithms, such as the BCryptPasswordEncoder. The NoOpPasswordEncoder should not be used.

Before
PasswordEncoder passwordEncoder = new NoOpPasswordEncoder();
After
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
Resources
Recipe
id: scw:spring:security:nooppasswordencoder
version: 10
metadata:
  name: 'Data Protection: Secure Data Storage: Avoid Data Exposure: Do not use NoOpPasswordEncoder'
  shortDescription: Could lead to data exposure
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: descriptions/DataProtectionSecureDataStorageAvoidDataExposureDoNotUseNoOpPasswordEncoder.html
  tags: Spring;security;framework specific;Spring Security
search:
  methodcall:
    name: getInstance
    declaration:
      type: org.springframework.security.crypto.password.NoOpPasswordEncoder
availableFixes:
- name: Use BCryptPasswordEncoder
  actions:
  - rewrite:
      to: new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder()