CryptographyRules
no-insecure-rsa-padding
Description
TODO: Add description for this rule.
OWASP Mapping
- OWASP Top 10: A02:2021 - Cryptographic Failures
- CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Error Message Format
The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:
🔒 CWE-327 OWASP:A04 CVSS:7.5 | Broken Cryptographic Algorithm detected | HIGH [PCI-DSS,HIPAA,ISO27001,NIST-CSF]
Fix: Review and apply the recommended fix | https://owasp.org/Top10/A04_2021/
Message Components
| Component | Purpose | Example |
|---|---|---|
| Risk Standards | Security benchmarks | CWE-327 OWASP:A04 CVSS:7.5 |
| Issue Description | Specific vulnerability | Broken Cryptographic Algorithm detected |
| Severity & Compliance | Impact assessment | HIGH [PCI-DSS,HIPAA,ISO27001,NIST-CSF] |
| Fix Instruction | Actionable remediation | Follow the remediation steps below |
| Technical Truth | Official reference | OWASP Top 10 |
Rule Details
TODO: Add rule details.
Examples
❌ Incorrect
// TODO: Add incorrect example
✅ Correct
// TODO: Add correct example
Options
This rule has no options.
When Not To Use It
TODO: Add when not to use.
Known False Negatives
The following patterns are not detected due to static analysis limitations:
Values from Variables
Why: Values stored in variables are not traced.
// ❌ NOT DETECTED - Value from variable
const value = userInput;
dangerousOperation(value);
Mitigation: Validate all user inputs.
Wrapper Functions
Why: Custom wrappers not recognized.
// ❌ NOT DETECTED - Wrapper
myWrapper(userInput); // Uses dangerous API internally
Mitigation: Apply rule to wrapper implementations.
Dynamic Invocation
Why: Dynamic calls not analyzed.
// ❌ NOT DETECTED - Dynamic
obj[method](userInput);
Mitigation: Avoid dynamic method invocation.
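A runtime guard that covers the three undetected patterns above, as an added example that is not part of this rule's documentation or code. It assumes Node.js's built-in `crypto` module and treats OAEP as the only acceptable padding for RSA encryption (the page does not list what the rule flags); `assertOaepPadding`, `rsaEncrypt`, `rsaDecrypt` and `demo` are hypothetical names.

```javascript
// Added example: helper names are hypothetical, key and message are constructed.
const { constants, generateKeyPairSync, publicEncrypt, privateDecrypt } =
  require('node:crypto');

// Allowlist check performed at call time, so it holds no matter how the
// padding value arrived: from a variable, through a wrapper argument, or via
// a dynamically selected method. Anything other than OAEP is refused, which
// covers RSA_PKCS1_PADDING (PKCS#1 v1.5) and RSA_NO_PADDING (textbook RSA).
function assertOaepPadding(padding) {
  if (padding !== constants.RSA_PKCS1_OAEP_PADDING) {
    throw new Error(`RSA padding ${padding} rejected: only OAEP is allowed`);
  }
}

// The single wrapper the rest of the code base calls for RSA encryption.
function rsaEncrypt(publicKey, plaintext, padding = constants.RSA_PKCS1_OAEP_PADDING) {
  assertOaepPadding(padding);
  // oaepHash is set explicitly; Node's default for OAEP is SHA-1.
  return publicEncrypt({ key: publicKey, padding, oaepHash: 'sha256' }, plaintext);
}

function rsaDecrypt(privateKey, ciphertext) {
  return privateDecrypt(
    { key: privateKey, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    ciphertext
  );
}

// Constructed demo with a throwaway key pair.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = Buffer.from('constructed sample');

  // "Values from Variables" case: the padding constant reaches the call
  // through a variable, which the page says the rule does not trace.
  const paddingFromVariable = constants.RSA_PKCS1_PADDING;
  let rejected = false;
  try {
    rsaEncrypt(publicKey, message, paddingFromVariable);
  } catch {
    rejected = true;
  }

  const ciphertext = rsaEncrypt(publicKey, message);
  return { rejected, roundTrip: rsaDecrypt(privateKey, ciphertext).toString() };
}
```

Pair the guard with the lint rule rather than replacing it: the rule catches literal uses early, the guard catches what static analysis misses.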