• Home
• com.github.albfernandez
• pmd-gds
• 2.36.0
• source code
• cwe-0327-weak-cryptographic-algorithms.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

rulesets.GDS.CWE.cwe-0327-weak-cryptographic-algorithms.xml Maven / Gradle / Ivy

<?xml version="1.0" encoding="UTF-8"?>
<ruleset name="A7 - Insecure Cryptographic Storage" 
 		 xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

	<description>
   		This file is part of the GDS PMD Secure Coding Ruleset.
   		
   		This ruleset contains rules that are intended to detect Insecure Cryptographic Storage weaknesses.
   </description>

	<rule class="net.sourceforge.pmd.lang.rule.XPathRule" name="InsecureCryptographicAlgorithm"
		message="Insecure Cryptographic Algorithm" externalInfoUrl="https://cwe.mitre.org/data/definitions/327.html"
		language="java">
		<description>
  		This rule is intended to identify instances of weak cryptographic algorithms. 
  		Violations should be manually reviewed and in most cases the algorithm should be replaced with a stronger alternative. 
  		Additional algorithms should be added for increased coverage.
  </description>
  <priority>3</priority>
		<properties>
			<property name="xpath">
				<value>
<![CDATA[
//PrimaryExpression[PrimaryPrefix/Name/@Image="Cipher.getInstance" and ./PrimarySuffix/Arguments//Literal[contains(@Image,"DES")] and /ImportDeclaration/Name[starts-with(@Image,"javax.crypto")]] |
//PrimaryExpression[PrimaryPrefix/Name/@Image="MessageDigest.getInstance" and ./PrimarySuffix/Arguments//Literal[contains(@Image,"MD5")] and /ImportDeclaration/Name[starts-with(@Image,"java.security")]] |
//PrimaryExpression[PrimaryPrefix/Name/@Image="MessageDigest.getInstance" and ./PrimarySuffix/Arguments//Literal[contains(@Image,"SHA1")] and /ImportDeclaration/Name[starts-with(@Image,"java.security")]]
]]>
    </value>
			</property>
		</properties>
		
	</rule>






</ruleset>