Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Metadata
ID:java-security/message-digest-custom
Language: Java
Severity: Notice
Category: Security
Description
Avoid custom digest. Datadog recommends using existing digests that are proven to be secure. NIST recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.
classMyProprietaryMessageDigestextendsMessageDigest{@Overrideprotectedbyte[]engineDigest(){// Do not use your own digest
returnnull;}}
Compliant Code Examples
classUseExistingDigest{protectedvoidusingDigest{// instead of defining your own digest, use existing ones
MessageDigestsha256Digest=MessageDigest.getInstance("SHA256");sha256Digest.update(password.getBytes());}}
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- java-security # Rules to enforce Java security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines
