Cryptographic key generator (severity: High)

Keys of insufficient size used for an HMAC are not robust against brute-force attacks. Even strong encryption algorithms are vulnerable to brute-force attacks when small key sizes are used.

Detector ID
kotlin/cryptographic-key-generator@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

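import org.apache.http.HttpResponse
import org.apache.http.client.HttpClient
import org.apache.http.client.methods.HttpGet
import org.apache.http.impl.client.DefaultHttpClient

// Noncompliant: `DefaultHttpClient` is used for setting up the HTTP connection.
fun noncompliant() {
    val client: HttpClient = DefaultHttpClient()
    val request: HttpGet = HttpGet("http://google.com")
    val response: HttpResponse = client.execute(request)
}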

Compliant example

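import org.apache.http.HttpResponse
import org.apache.http.client.HttpClient
import org.apache.http.client.methods.HttpGet
import org.apache.http.impl.client.SystemDefaultHttpClient

// Compliant: `DefaultHttpClient` is not used for setting up the HTTP connection.
fun compliant() {
    val client: HttpClient = SystemDefaultHttpClient()
    val request: HttpGet = HttpGet("http://google.com")
    val response: HttpResponse = client.execute(request)
}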

Noncompliant example

import java.security.KeyPairGenerator

// Noncompliant: 256 bits is not a secure key length for RSA.
fun noncompliant() {
    val keyGen: KeyPairGenerator = KeyPairGenerator.getInstance("RSA")
    keyGen.initialize(256)
}

Compliant example

import java.security.KeyPairGenerator

// Compliant: 2048 bits is a secure key length for RSA.
fun compliant() {
    val keyGen = KeyPairGenerator.getInstance("RSA")
    keyGen.initialize(2048)
}
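
Added example (not part of the detector's own documentation): one way to enforce minimum key sizes at the point of generation, covering both the RSA case shown above and the HMAC case named in the description. The function names and the `MIN_HMAC_BITS` value are assumptions made for this example; `MIN_RSA_BITS` follows the compliant example above.

```kotlin
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.interfaces.RSAPublicKey
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Minimum sizes used by this example. 2048 matches the compliant example above;
// 256 for HmacSHA256 is an assumption (a key as long as the hash output).
const val MIN_RSA_BITS = 2048
const val MIN_HMAC_BITS = 256

// Generates an RSA key pair, rejecting undersized requests before any key material exists.
fun generateRsaKeyPair(bits: Int): KeyPair {
    require(bits >= MIN_RSA_BITS) { "RSA key size $bits is below the minimum of $MIN_RSA_BITS bits" }
    val keyGen = KeyPairGenerator.getInstance("RSA")
    keyGen.initialize(bits)
    val pair = keyGen.generateKeyPair()
    // Check what the provider actually produced, not only what was requested.
    val actualBits = (pair.public as RSAPublicKey).modulus.bitLength()
    check(actualBits >= MIN_RSA_BITS) { "provider returned a $actualBits-bit modulus" }
    return pair
}

// Generates an HmacSHA256 key of at least MIN_HMAC_BITS bits.
fun generateHmacKey(bits: Int): SecretKey {
    require(bits >= MIN_HMAC_BITS) { "HMAC key size $bits is below the minimum of $MIN_HMAC_BITS bits" }
    val keyGen = KeyGenerator.getInstance("HmacSHA256")
    keyGen.init(bits)
    return keyGen.generateKey()
}

fun main() {
    val rsa = generateRsaKeyPair(2048)
    println("RSA modulus bits: ${(rsa.public as RSAPublicKey).modulus.bitLength()}")

    val hmac = generateHmacKey(256)
    println("HMAC key bytes: ${hmac.encoded.size}")

    // The sizes from the noncompliant example are refused with IllegalArgumentException.
    println("RSA 256 rejected: ${runCatching { generateRsaKeyPair(256) }.isFailure}")
    println("HMAC 64 rejected: ${runCatching { generateHmacKey(64) }.isFailure}")
}
```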