Recipe Name:
Data Protection - Cryptography: Avoid cryptographic weakness: Use appropriate key pair generation algorithm: insecure
Description:
Could lead to cryptographic weakness
Level:
error
Language:
  • java
Tags:
  • security
  • basic protection set
Documentation

Secure coding practices prescribe to use the RSA algorithm for asymmetric encryption. Using other asymmetric encryption algorithms could lead to cryptographic weakness.

Before
KeyFactory kf = KeyFactory.getInstance("DiffieHellman");
After
KeyFactory kf = KeyFactory.getInstance("RSA");
Recipe
id: scw:crypto:keyfactory-insecure-algos
version: 10
metadata:
  name: 'Data Protection - Cryptography: Avoid cryptographic weakness: Use appropriate key pair generation algorithm: insecure'
  shortDescription: Could lead to cryptographic weakness
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Data_Protection_-_Cryptography__Avoid_cryptographic_weakness__Use_appropriate_key_pair_generation_algorithm__insecure.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        type: java.lang.String
        value:
          stringified:
            matches: DiffieHellman|DSA
    name: getInstance
    declaration:
      type: java.security.KeyFactory
availableFixes:
- name: Use RSA
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}("RSA")'