Uploaded image for project: 'Policy Framework'
  1. Policy Framework
  2. POLICY-3201

fix CRITICAL weak-cryptography issues identified in sonarcloud

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • High
    • Resolution: Done
    • Honolulu Release
    • Istanbul Release
    • clamp
    • Policy 4/21 - 5/5

    Description

      Sonarcloud identified the following security bugs in your project and, as agreed by the TSC, should be fixed within the Honolulu release. Any not finished in Honolulu must be fixed within the Istanbul release. Follow each of the URLs for details on each each bug, along with recommended fixes.

       
      If any of the links below fail, please find your code on the master list found at <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=weak-cryptography>.
       
      Project: onap_clamp
      Component: onap_clamp:src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
      Message: Use secure mode and padding scheme.
      Severity: BLOCKER
      Line: 106
      Effort:
      Creation-Date: 2017-12-19T14:58:08+0100
      URL: https://sonarcloud.io/project/issues?id=onap_clamp&issues=AXGFM1LNl8tlF3n92utq&open=AXGFM1LNl8tlF3n92utq

      Project: onap_clamp
      Component: onap_clamp:src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
      Message: Use secure mode and padding scheme.
      Severity: BLOCKER
      Line: 125
      Effort:
      Creation-Date: 2017-12-19T14:58:08+0100
      URL: https://sonarcloud.io/project/issues?id=onap_clamp&issues=AXGFM1LNl8tlF3n92utr&open=AXGFM1LNl8tlF3n92utr

      Project: onap_clamp
      Component: onap_clamp:src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
      Message: Use a dynamically-generated, random IV.
      Severity: CRITICAL
      Line: 126
      Effort: 15min
      Creation-Date: 2018-02-14T15:17:45+0100
      URL: https://sonarcloud.io/project/issues?id=onap_clamp&issues=AXfbZ1Ec-p6zO6corvYF&open=AXfbZ1Ec-p6zO6corvYF

       

      Attachments

        Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. VFC-1826 fix CRITICAL weak-cryptography issues identified in sonarcloud

          • High - Severely impaired functionality. Erratic performance and reduced system availability. It may cause major components or features of the system to be unavailable although certain parts of the system remain functional. A workaround may exist but its use is unsatisfactory or at a high time cost (manual intervention required). Must be fixed in any of the upcoming builds and should be included in the current release.
          • Closed
          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. REQ-443 CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL

          • Highest - Catastrophic defect that causes total failure of the software or unrecoverable data loss with no available workaround. Complete shut-down of the process, nothing can proceed further. Blocks testing of the product / feature. Must be fixed in the next build.
          • In Progress
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              sebdet Sébastien Determe
              zwarico Amy Zwarico
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: