Missing Support for Integrity Check
Overview
Rule ID: java_lang_missing_integrity_check
Applicable Languages: Java
Weakness ID: CWE-353
Description
Without integrity checks ("checksums"), a protocol has no means to detect whether transmitted data has been tampered with or altered by unauthorized parties, such as in a Man-in-the-Middle attack. The receiver therefore cannot verify the integrity of the data it receives.
Remediation Guidelines
Employ encryption schemes that incorporate integrity checks to verify that data has not been altered during transmission.
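The following is an added example, not code from this rule's documentation or from the scanner. It assumes AES/CTR as a stand-in for an encryption scheme with no integrity check and AES/GCM as one that incorporates it (the page names no specific modes); the class name, helper and sample message are constructed for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class IntegrityCheckDemo {
    // Hypothetical helper: encrypt or decrypt with the given transformation.
    static byte[] run(String transformation, int mode, SecretKey key, byte[] iv, byte[] in)
            throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        if (transformation.contains("GCM")) {
            c.init(mode, key, new GCMParameterSpec(128, iv)); // 128-bit authentication tag
        } else {
            c.init(mode, key, new IvParameterSpec(iv));
        }
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        SecureRandom rng = new SecureRandom();
        byte[] msg = "amount=100;to=alice".getBytes(StandardCharsets.UTF_8); // constructed sample

        // No integrity check: AES/CTR provides confidentiality only.
        byte[] ctrIv = new byte[16];
        rng.nextBytes(ctrIv);
        byte[] ctrCt = run("AES/CTR/NoPadding", Cipher.ENCRYPT_MODE, key, ctrIv, msg);
        ctrCt[7] ^= 0x01; // simulate alteration in transit
        byte[] altered = run("AES/CTR/NoPadding", Cipher.DECRYPT_MODE, key, ctrIv, ctrCt);
        System.out.println("CTR accepted altered data: "
                + new String(altered, StandardCharsets.UTF_8));

        // With integrity check: AES/GCM appends a tag that is verified on decryption.
        byte[] gcmIv = new byte[12]; // fresh 96-bit nonce for every message under a key
        rng.nextBytes(gcmIv);
        byte[] gcmCt = run("AES/GCM/NoPadding", Cipher.ENCRYPT_MODE, key, gcmIv, msg);
        gcmCt[7] ^= 0x01; // same alteration
        try {
            run("AES/GCM/NoPadding", Cipher.DECRYPT_MODE, key, gcmIv, gcmCt);
            System.out.println("GCM accepted altered data (unexpected)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected altered data: " + e.getMessage());
        }
    }
}
```

The receiver should treat `AEADBadTagException` as a hard failure and discard the message rather than fall back to an unauthenticated path.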
Configuration
To omit this rule during a scan, and for continuous 24/7 code-level scanning, you can use our SAST tool.