CryptographyRules
prefer-native-crypto
TODO: Add description for this rule.
Description
TODO: Add description for this rule.
OWASP Mapping
- OWASP Top 10: A02:2021 - Cryptographic Failures
- CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Error Message Format
The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:
🔒 CWE-327 OWASP:A04 CVSS:7.5 | Broken Cryptographic Algorithm detected | HIGH [PCI-DSS,HIPAA,ISO27001,NIST-CSF]
Fix: Review and apply the recommended fix | https://owasp.org/Top10/A04_2021/Message Components
| Component | Purpose | Example |
|---|---|---|
| Risk Standards | Security benchmarks | CWE-327 OWASP:A04 CVSS:7.5 |
| Issue Description | Specific vulnerability | Broken Cryptographic Algorithm detected |
| Severity & Compliance | Impact assessment | HIGH [PCI-DSS,HIPAA,ISO27001,NIST-CSF] |
| Fix Instruction | Actionable remediation | Follow the remediation steps below |
| Technical Truth | Official reference | OWASP Top 10 |
Rule Details
TODO: Add rule details.
Examples
❌ Incorrect
// TODO: Add incorrect example✅ Correct
// TODO: Add correct exampleOptions
This rule has no options.
When Not To Use It
TODO: Add when not to use.
Known False Negatives
The following patterns are not detected due to static analysis limitations:
Algorithm from Variable
Why: Algorithm names from variables not traced.
// ❌ NOT DETECTED - Algorithm from variable
const algo = config.hashAlgorithm; // May be weak
crypto.createHash(algo);Mitigation: Hardcode secure algorithms.
Third-party Crypto Libraries
Why: Non-standard crypto APIs not recognized.
// ❌ NOT DETECTED - Third-party
customCrypto.encrypt(data, key);Mitigation: Review all crypto implementations.
Configuration-based Security
Why: Config-driven security not analyzed.
// ❌ NOT DETECTED - Config-based
const options = getSecurityOptions(); // May be weakMitigation: Validate security configurations.