Sensei Logo Sensei Hub

Recipe - Use .stronger() for a more secure alternative

Description:
Encryptors.stronger() is more secure than Encryptors.standard()
Level:
warning
Language:
  • java
Tags:
  • Spring
  • security
  • framework specific
  • Spring Security
Documentation

The Encryptor.standard() is not an authenticated mode of encryption. It does not guarantee the authenticity of the data. Encryptors.stronger() provides a much more secure alternative.

Before
Encryptors.standard(password, salt);
After
Encryptors.stronger(password, salt);
References
Recipe
id: scw:spring:encryptors:stronger
version: 10
metadata:
  name: Use .stronger() for a more secure alternative
  shortDescription: Encryptors.stronger() is more secure than Encryptors.standard()
  level: warning
  language: java
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: descriptions/Usestrongerforamoresecurealternative.html
  tags: Spring;security;framework specific;Spring Security
search:
  methodcall:
    name: standard
    type: org.springframework.security.crypto.encrypt.Encryptors
availableFixes:
- name: Replace with .stronger()
  actions:
  - rewrite:
      to: '{{{ qualifier }}}.stronger{{{ argumentList }}}'