• Home
• org.sonarsource.java
• java-checks
• 3.13
• source code
• S2258.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S2258.html Maven / Gradle / Ivy

By contract, the NullCipher class provides an "identity cipher" -- one that does not transform or encrypt the plaintext in any way. As a consequence, the ciphertext is identical to the plaintext. So this class should be used for testing, and never in production code.
Noncompliant Code Example

NullCipher nc=new NullCipher();

See


 CWE-327: Use of a Broken or Risky Cryptographic Algorithm
 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
 Derived from FindSecBugs rule NullCipher Unsafe