Insecure hashing (severity: High)

A hashing algorithm is weak if it is easy to determine the original input from the hash or to find another input that yields the same hash. Weak hashing algorithms can lead to security vulnerabilities.

Detector ID: kotlin/insecure-hashing@v1.0
Category: Common Weakness Enumeration (CWE)

Noncompliant example

import javax.crypto.Cipher
import javax.crypto.NullCipher

// Noncompliant: Used `NullCipher`, which will not use any encryption.
fun noncompliant(plainText: String): ByteArray {
    val doNothingCipher: Cipher = NullCipher()
    // NullCipher passes its input through unchanged, so the "ciphertext" is the plaintext bytes
    val cipherText: ByteArray = doNothingCipher.doFinal(plainText.toByteArray(Charsets.UTF_8))
    return cipherText
}

Compliant example

import javax.crypto.Cipher
import javax.crypto.SecretKey
import javax.crypto.spec.IvParameterSpec

// Compliant: Avoided use of `NullCipher` while encrypting value
fun compliant(plainText: String, key: SecretKey, iv: ByteArray): ByteArray {
    val cipher: Cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
    // A Cipher must be initialized with a key (and, for CBC, an IV) before doFinal can be called
    cipher.init(Cipher.ENCRYPT_MODE, key, IvParameterSpec(iv))
    val cipherText: ByteArray = cipher.doFinal(plainText.toByteArray(Charsets.UTF_8))
    return cipherText
}

Noncompliant example

import java.security.MessageDigest

// Noncompliant: Using weak hashing algorithm which is insecure
fun noncompliant(password: String): ByteArray {
    val md5Digest: MessageDigest = MessageDigest.getInstance("MD5")
    md5Digest.update(password.toByteArray(Charsets.UTF_8))
    val hashValue: ByteArray = md5Digest.digest()
    return hashValue
}

Compliant example

import java.security.MessageDigest

// Compliant: Using secure hashing algorithm
fun compliant(password: String): ByteArray {
    val shaDigest: MessageDigest = MessageDigest.getInstance("SHA-256")
    shaDigest.update(password.toByteArray(Charsets.UTF_8))
    val hashValue: ByteArray = shaDigest.digest()
    return hashValue
}
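One caveat the compliant example leaves implicit: a plain SHA-256 digest is fine for integrity checks, but a stored password hash should also be salted and deliberately slow. The following is an added example, not part of the detector documentation, showing the JDK's PBKDF2WithHmacSHA256 through SecretKeyFactory with a per-user random salt and a constant-time comparison; the iteration count and salt length are assumed values chosen for illustration.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Assumed parameters for this example; tune the iteration count to current guidance and hardware.
private const val ITERATIONS = 210_000
private const val KEY_LENGTH_BITS = 256
private const val SALT_BYTES = 16

// Generates a fresh random salt so identical passwords do not produce identical hashes.
fun newSalt(): ByteArray = ByteArray(SALT_BYTES).also { SecureRandom().nextBytes(it) }

// Derives a salted, iterated hash with PBKDF2-HMAC-SHA256 from the standard JCA provider.
fun hashPassword(password: CharArray, salt: ByteArray): ByteArray {
    val spec = PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH_BITS)
    try {
        val factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
        return factory.generateSecret(spec).encoded
    } finally {
        spec.clearPassword() // wipe the password copy held inside the spec
    }
}

// Recomputes the hash for the supplied password and compares it in constant time.
fun verifyPassword(password: CharArray, salt: ByteArray, expected: ByteArray): Boolean =
    MessageDigest.isEqual(hashPassword(password, salt), expected)

fun main() {
    val salt = newSalt()
    val stored = hashPassword("correct horse".toCharArray(), salt)
    check(verifyPassword("correct horse".toCharArray(), salt, stored))
    check(!verifyPassword("wrong horse".toCharArray(), salt, stored))
}
```

Store the salt alongside the hash; it is not secret, but it must be unique per record.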