des-is-deprecated-kotlin

ESS-ENN · ESS-ENN · commit b62d49af046d · 2024-09-12T17:06:05.000+05:30
diff --git a/rules/kotlin/security/des-is-deprecated-kotlin.yml b/rules/kotlin/security/des-is-deprecated-kotlin.yml
@@ -0,0 +1,16 @@
+id: des-is-deprecated-kotlin
+severity: warning
+language: kotlin
+message: >-
+  DES is considered deprecated. AES is the recommended cipher. Upgrade to
+  use AES. See https://www.nist.gov/news-events/news/2005/06/nist-withdraws-outdated-data-encryption-standard
+  for more information.
+note: >-
+  [CWE-326] Inadequate Encryption Strength.
+  [REFERENCES]
+      - https://www.nist.gov/news-events/news/2005/06/nist-withdraws-outdated-data-encryption-standard
+rule:
+  pattern: $CIPHER.getInstance($SAS)
+constraints:
+  SAS:
+    regex: "DES"
diff --git a/tests/__snapshots__/des-is-deprecated-kotlin-snapshot.yml b/tests/__snapshots__/des-is-deprecated-kotlin-snapshot.yml
@@ -0,0 +1,9 @@
+id: des-is-deprecated-kotlin
+snapshots:
+  ? |
+    Cipher.getInstance("DES/ECB/PKCS5Padding");
+  : labels:
+    - source: Cipher.getInstance("DES/ECB/PKCS5Padding")
+      style: primary
+      start: 0
+      end: 42
diff --git a/tests/kotlin/des-is-deprecated-kotlin-test.yml b/tests/kotlin/des-is-deprecated-kotlin-test.yml
@@ -0,0 +1,7 @@
+id: des-is-deprecated-kotlin
+valid:
+  - |
+    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
+invalid:
+  - |
+    Cipher.getInstance("DES/ECB/PKCS5Padding");
