Sensitive data stored unencrypted due to partial encryption Medium

Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored. If data is encrypted along some branch of a conditional statement, then encrypt data along all branches.

Detector ID
java/partial-encryption@v1.0
Category

Noncompliant example

1public void s3PutObjectNoncompliant(AmazonS3 s3Client, String bucketName, String partFileKey, String kmsKeyId,
2                                    File partFile, String bucketOwner) {
3    PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, partFileKey, partFile).withExpectedBucketOwner(bucketOwner);
4    // Noncompliant: encryption is not performed in all paths.
5    if (kmsKeyId != null) {
6        putObjectRequest.setSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(kmsKeyId));
7    }
8    s3Client.putObject(putObjectRequest);
9}

Compliant example

1public void s3PutObjectCompliant(AmazonS3 s3Client, String bucketName, String partFileKey, String kmsKeyId,
2                                 File partFile, String bucketOwner) {
3    PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, partFileKey, partFile).withExpectedBucketOwner(bucketOwner);
4    // Compliant: encryption is performed in all paths.
5    if (kmsKeyId != null) {
6        putObjectRequest.setSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(kmsKeyId));
7    }
8    else {
9        putObjectRequest.setSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams());
10    }
11    s3Client.putObject(putObjectRequest);
12}