• Home
• org.codehaus.sonar-plugins.java
• java-checks
• 2.9
• source code
• S2257.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S2257.html Maven / Gradle / Ivy

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like SHA-256, SHA-384, SHA-512, ... should be used instead.
This rule tracks creation of java.security.MessageDigest subclasses.

Noncompliant code example

MyCryptographicAlgorithm extends MessageDigest {
  ...
}


See


  
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  
OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
  
SANS TOP 25
  
Derived from FindSecBugs rule MessageDigest is Custom