The Mcrypt library has been deprecated as of PHP 7.1.0 and removed entirely in PHP 7.2.0. Its use in modern applications is strongly discouraged due to its outdated and insecure cryptographic algorithms.
Using deprecated encryption methods can lead to significant security vulnerabilities, including susceptibility to brute force attacks and other forms of cryptographic hacking. These vulnerabilities can lead to the exposure of sensitive user data, which can have severe legal and reputational consequences.
To avoid this, it is recommended to use modern and secure encryption methods, such as the openssl_encrypt function with “aes-256-gcm” cipher method or the sodium_crypto_aead_aes256gcm_encrypt function. These methods provide strong encryption and are actively maintained, ensuring that your application remains secure against the latest threats. Maintaining an awareness of current best practices in cryptographic security is an essential part of responsible PHP development.
Non-Compliant Code Examples
<?php// Weak encryption using openssl with DES
$key="key";$data="Sensitive Data";openssl_encrypt($data,"des-ofb",$key,$options=OPENSSL_RAW_DATA,$iv);// Noncompliant
<?php// Weak encryption using mcrypt with DES and ECB mode
$key='bad-key-';$data='Sensitive Data';$encryptedData=mcrypt_encrypt(MCRYPT_DES,$key,$data,MCRYPT_MODE_ECB);
Compliant Code Examples
<?php// Strong encryption using sodium with aes-256
$key="key";$data="Sensitive Data";$nonce="fh574569";sodium_crypto_aead_aes256gcm_encrypt($data,'',$nonce,$key);
<?php// Strong encryption using openssl with aes-256
$key="key";$data="Sensitive Data";openssl_encrypt($data,"aes-256-gcm",$key,$options=OPENSSL_RAW_DATA,$iv);
シームレスな統合。 Datadog Code Security をお試しください
Datadog Code Security
このルールを試し、Datadog Code Security でコードを解析する
このルールの使用方法
1
2
rulesets:- php-security # Rules to enforce PHP security.
