AES GCM encryption throwing error

Quick question…

Receiving an S4787 critical Sonar warning on the following line…

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");

I changed from CBC to GCM; however, that did not resolve the issue. Any ideas?

Please advise,

Thanks, Paula

Hello @Paula,

I believe you are using SonarQube 6.7? This is a new type of rule, called a “hotspot” rule, introduced in the SQ 7 series. In the older versions of SonarQube, where this type of rule is not yet supported, it will be categorized as a Vulnerability. If the encryption used is safe, there is nothing to fix; this is only to guide the security review of the code. You can find more information here: https://www.sonarqube.org/features/security/

Much thanks Tibor, new to Sonar and appreciate your help.

I was misguided, looking for an error in the specific line of code.