Avoid custom digests. Datadog recommends using existing digests that are proven to be secure. NIST recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.
Non-Compliant Code Examples
class MyProprietaryMessageDigest extends MessageDigest {
    @Override
    protected byte[] engineDigest() {
        // Do not use your own digest
        return null;
    }
}
Compliant Code Examples
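import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

class UseExistingDigest {
    protected void usingDigest(String password) throws NoSuchAlgorithmException {
        // Instead of defining your own digest, use an existing one.
        // "SHA-256" is the standard JCA algorithm name.
        MessageDigest sha256Digest = MessageDigest.getInstance("SHA-256");
        sha256Digest.update(password.getBytes(StandardCharsets.UTF_8));
    }
}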
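The following is an added example, not part of the original rule page or Datadog's code: it restricts hashing to the NIST-recommended digests named above, using their JCA standard names, and checks the provider's SHA-256 output against the published "abc" test vector. The class and method names (`ApprovedDigests`, `digest`, `fromHex`) are assumptions, and it assumes Java 9 or later, where SHA-512/224 and SHA-512/256 are available.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class ApprovedDigests {
    // JCA standard names for the digests listed in the rule description.
    static final String[] APPROVED = {
        "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256"
    };

    // Hash data with a provider-supplied digest; reject names outside the list.
    static byte[] digest(String algorithm, byte[] data) throws NoSuchAlgorithmException {
        for (String name : APPROVED) {
            if (name.equals(algorithm)) {
                return MessageDigest.getInstance(name).digest(data);
            }
        }
        throw new NoSuchAlgorithmException("Not an approved digest: " + algorithm);
    }

    // Decode a hex string into bytes (helper for the known-answer check).
    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] msg = "abc".getBytes(StandardCharsets.UTF_8); // constructed sample input
        // Published SHA-256 test vector for the message "abc".
        byte[] expected = fromHex(
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
        // MessageDigest.isEqual compares the two arrays in constant time.
        System.out.println("SHA-256 known answer ok: "
            + MessageDigest.isEqual(digest("SHA-256", msg), expected));
        for (String name : APPROVED) {
            System.out.println(name + " -> " + digest(name, msg).length + " bytes");
        }
        try {
            digest("MyProprietaryDigest", msg); // hypothetical custom name, rejected
        } catch (NoSuchAlgorithmException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```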
How to use this rule
rulesets:
  - java-security # Rules to enforce Java security.