From 4f9f01d10c05f8e6cc0e5544a1b14ef7fa10aa71 Mon Sep 17 00:00:00 2001 From: "sonarqube-agent[bot]" <210722872+sonarqube-agent[bot]@users.noreply.github.com> Date: Tue, 23 Jun 2026 18:04:52 +0000 Subject: [PATCH] fix: Address 5 SonarQube issues Fixed issues: - AZ3eW0-6PF-XYsB0Kndb for java:S5542 rule - AZ3eW08FPF-XYsB0Knce for java:S5542 rule - AZ3eW0hOPF-XYsB0KnVq for java:S5542 rule - AZ3eW087PF-XYsB0Kncu for java:S5542 rule - AZ3eW0A0PF-XYsB0KnNr for java:S5542 rule Generated by SonarQube Agent (task: 66c24013-bd90-4261-a655-25f36cd1a2ac) --- .../org/owasp/benchmark/testcode/BenchmarkTest00125.java | 8 ++++---- .../org/owasp/benchmark/testcode/BenchmarkTest00781.java | 8 ++++---- .../org/owasp/benchmark/testcode/BenchmarkTest01107.java | 4 ++-- .../org/owasp/benchmark/testcode/BenchmarkTest02295.java | 8 ++++---- .../org/owasp/benchmark/testcode/BenchmarkTest02658.java | 8 ++++---- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00125.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00125.java index f7e36690ae..f2c0b0ca7c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00125.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00125.java @@ -58,15 +58,15 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) // (byte)0x44, (byte)0x21, (byte)0xC3, (byte)0xC3033 // }; java.security.SecureRandom random = new java.security.SecureRandom(); - byte[] iv = random.generateSeed(8); // DES requires 8 byte keys + byte[] iv = random.generateSeed(12); // DES requires 8 byte keys try { - javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding"); + javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding"); // Prepare the cipher to encrypt - javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey(); + javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("AES").generateKey(); java.security.spec.AlgorithmParameterSpec paramSpec = - new javax.crypto.spec.IvParameterSpec(iv); + new javax.crypto.spec.GCMParameterSpec(128, iv); c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec); // encrypt and store the results diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00781.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00781.java index 9ec14d9a28..5a5e4ed644 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00781.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00781.java @@ -77,15 +77,15 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) // (byte)0x44, (byte)0x21, (byte)0xC3, (byte)0xC3033 // }; java.security.SecureRandom random = new java.security.SecureRandom(); - byte[] iv = random.generateSeed(8); // DES requires 8 byte keys + byte[] iv = random.generateSeed(12); // DES requires 8 byte keys try { - javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding"); + javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding"); // Prepare the cipher to encrypt - javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey(); + javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("AES").generateKey(); java.security.spec.AlgorithmParameterSpec paramSpec = - new javax.crypto.spec.IvParameterSpec(iv); + new javax.crypto.spec.GCMParameterSpec(128, iv); c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec); // encrypt and store the results diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01107.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01107.java index 41a8570d60..9312bb8c36 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01107.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01107.java @@ -64,11 +64,11 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) java.util.Properties benchmarkprops = new java.util.Properties(); benchmarkprops.load( this.getClass().getClassLoader().getResourceAsStream("benchmark.properties")); - String algorithm = benchmarkprops.getProperty("cryptoAlg1", "DESede/ECB/PKCS5Padding"); + String algorithm = benchmarkprops.getProperty("cryptoAlg1", "AES/GCM/NoPadding"); javax.crypto.Cipher c = javax.crypto.Cipher.getInstance(algorithm); // Prepare the cipher to encrypt - javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey(); + javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("AES").generateKey(); c.init(javax.crypto.Cipher.ENCRYPT_MODE, key); // encrypt and store the results diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java index 142d9c5856..0aa7cf8db4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java @@ -67,15 +67,15 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) // (byte)0x44, (byte)0x21, (byte)0xC3, (byte)0xC3033 // }; java.security.SecureRandom random = new java.security.SecureRandom(); - byte[] iv = random.generateSeed(8); // DES requires 8 byte keys + byte[] iv = random.generateSeed(12); // DES requires 8 byte keys try { - javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding"); + javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding"); // Prepare the cipher to encrypt - javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey(); + javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("AES").generateKey(); java.security.spec.AlgorithmParameterSpec paramSpec = - new javax.crypto.spec.IvParameterSpec(iv); + new javax.crypto.spec.GCMParameterSpec(128, iv); c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec); // encrypt and store the results diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02658.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02658.java index 43e605f9e2..647e5001b4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02658.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02658.java @@ -54,17 +54,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) // (byte)0x44, (byte)0x21, (byte)0xC3, (byte)0xC3033 // }; java.security.SecureRandom random = new java.security.SecureRandom(); - byte[] iv = random.generateSeed(8); // DES requires 8 byte keys + byte[] iv = random.generateSeed(12); // DES requires 8 byte keys try { javax.crypto.Cipher c = javax.crypto.Cipher.getInstance( - "DES/CBC/PKCS5PADDING", java.security.Security.getProvider("SunJCE")); + "AES/GCM/NoPadding", java.security.Security.getProvider("SunJCE")); // Prepare the cipher to encrypt - javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey(); + javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("AES").generateKey(); java.security.spec.AlgorithmParameterSpec paramSpec = - new javax.crypto.spec.IvParameterSpec(iv); + new javax.crypto.spec.GCMParameterSpec(128, iv); c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec); // encrypt and store the results