Do not use NullCipher | Critiq Docs

#Metadata

Rule ID: java.security.null-cipher
Severity: critical
Confidence: 0.97
Languages: java
Presets: security, strict
Stability: stable
Applies to: block
Tags: cryptography, java, rules-catalog, security

#Why it matters

NullCipher returns plaintext unchanged, providing no confidentiality and often disguising an intentional bypass of crypto.

#Remediation

Use an authenticated cipher such as `AES/GCM/NoPadding` with a properly managed key.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/java/java.security.null-cipher.rule.yaml.

Back to directory Open rule in repository