Make sure that encrypting data is safe here. AES/GCM/NoPadding, RSA/ECB/PKCS1Padding

Reference

  1. Cipher c = Cipher.getInstance("AES/GCM/NoPadding");

  2. Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");

These 2 lines of code give me "Make sure that encrypting data is safe here."

Hi @Dionis_Beqiraj,

Thanks for your first post on the SonarQube community forum.

The reply from Saptarshi Basu on stackoverflow is perfect.

The rule RSPEC-4787 is a Security Hotspot. It is there to highlight security-sensitive pieces of code that need to be manually reviewed. Once you have performed your review and you are convinced that the way you are using Cipher.getInstance is safe, you can close the Security Hotspot as “Resolve as Reviewed”.


Regards
Alex

1 Like
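
As an added example (not code from either poster or from SonarQube), this is the kind of usage a reviewer would look for around the two transformations in the question before resolving the hotspot: a fresh random IV and a verified tag for AES/GCM/NoPadding, and an explicit padding choice for RSA. The class name, the key sizes and the use of OAEP in place of PKCS1Padding are assumptions of this example; OAEP is a common recommendation for RSA encryption, not something stated in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class CipherReviewExample { // hypothetical class name
    static final int IV_BYTES = 12;   // 96-bit IV, the size GCM is specified around
    static final int TAG_BITS = 128;  // full-length authentication tag
    static final SecureRandom RNG = new SecureRandom();

    // Review point 1: a fresh random IV for every message encrypted under the same key.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_BYTES + ct.length); // message = IV || ciphertext || tag
        System.arraycopy(ct, 0, out, IV_BYTES, ct.length);
        return out;
    }

    // Review point 2: the tag is checked; doFinal throws AEADBadTagException if anything changed.
    static byte[] decryptGcm(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, msg, 0, IV_BYTES));
        return c.doFinal(msg, IV_BYTES, msg.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] msg = encryptGcm(key, "constructed sample".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decryptGcm(key, msg), StandardCharsets.UTF_8));
        msg[msg.length - 1] ^= 1; // flip one bit of the tag
        try { decryptGcm(key, msg); } catch (AEADBadTagException e) { System.out.println("tampering detected"); }
        // Review point 3: for RSA, "ECB" is only a placeholder in the name; the padding is what to review.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, kp.getPublic());
        byte[] wrapped = rsa.wrap(key); // RSA protects only the short AES key, not bulk data
        rsa.init(Cipher.UNWRAP_MODE, kp.getPrivate());
        Key back = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println(Arrays.equals(back.getEncoded(), key.getEncoded()));
    }
}
```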