esapi-java-legacy

Fix code scanning alert - tracker 3

Open kwwall opened this issue 3 years ago • 1 comments

This "feature" needs to be kept for legacy reasons, but research to see if we can include some logging here.

Tracking issue for:

  • [ ] https://github.com/ESAPI/esapi-java-legacy/security/code-scanning/3

kwwall, Jan 10 '22 19:01

Looking at this again, the simple thing would be to log something directly from CipherSpec, but I'd prefer not to tightly couple that class with the ESAPI Logger for that one item. If we make the assumption that no one is using the CipherSpec class directly for encrypting / decrypting, but instead it is only used via the ESAPI Encryptor (which seems like a reasonable assumption), then it would be preferred that JavaEncryptor do the logging. Will create a new GitHub issue to log ECB there.

kwwall, Jul 16 '22 19:07