[Feat/update cipher trans]

[ekgns33]

작업내역

• SonarQube에서 기존의 Ecrypt 클래스에 대한 경고를 표시했습니다.
  기존의 AES/CBC 는 Padding Oracle Attack의 위험이 있어 Padding을 사용하지 않는 알고리즘으로 변경하라는 제안이 있어 업데이트 했습니다.

ref) https://en.wikipedia.org/wiki/Padding_oracle_attack

GCM 알고리즘의 경우 병렬처리가 가능해져 성능상 이점도 존재한다고 합니다!
ref) https://beatmejy.tistory.com/59
https://isuruka.medium.com/selecting-the-best-aes-block-cipher-mode-aes-gcm-vs-aes-cbc-ee3ebae173c

Summary by CodeRabbit

• Security Improvements
  • Enhanced encryption by switching to a more secure algorithm, providing stronger data protection.
  • Improved handling of encryption keys and initialization vectors for better security.
• Bug Fixes
  • Unified error handling for encryption and decryption operations, resulting in clearer error messages.

[coderabbitai]

Walkthrough

The encryption utility was updated to switch from AES-CBC with PKCS5 padding to AES-GCM with no padding, enhancing both security and implementation. The initialization vector (IV) is now a randomly generated 12-byte value for each encryption, replacing the previous static IV. The IV is prepended to the ciphertext before encoding. The secret key is normalized to a 32-byte array for consistent key length. Exception handling was unified, and the decryption method signature no longer declares checked exceptions.

Changes

File(s)	Change Summary
src/main/java/org/runimo/runimo/auth/service/EncryptUtil.java	Switched encryption from AES-CBC/PKCS5Padding to AES-GCM/NoPadding; uses random IV; key normalization; unified exception handling; updated decryption method signature.

Poem

In the burrow where secrets hide,
A new GCM cipher hops inside.
No static IV, just random delight,
Each byte now armored, secure and tight.
With every encrypt, a fresh start anew,
The warren’s secrets safe—thanks to you! 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

src/main/java/org/runimo/runimo/auth/service/EncryptUtil.java (3)

27-34: Consider implementing a KDF-based key derivation instead of zero-padding.
Zero-padding can weaken security if the provided secret key is too short. A KDF like PBKDF2 is more robust.

---

38-45: Well-implemented random IV generation and GCM parameter setup.
If additional data integrity is needed, consider using AAD with cipher.updateAAD(...).

🧰 Tools

🪛 ast-grep (0.31.1)

[warning] 42-42: Use of AES with ECB mode detected. ECB doesn't provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://owasp.org/Top10/A02_2021-Cryptographic_Failures
- https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

(use-of-aes-ecb-java)

---

[warning] 42-42: Triple DES (3DES or DESede) is considered deprecated. AES is the recommended cipher. Upgrade to use AES.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-326]: Inadequate Encryption Strength [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://find-sec-bugs.github.io/bugs.htm#TDES_USAGE
- https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA

(desede-is-deprecated-java)

---

57-77: Check cipherText length before extracting the IV.
If the Base64-decoded data is shorter than 12 bytes, an out-of-bounds error may occur. Consider validating length to handle malformed input gracefully.

🧰 Tools

🪛 ast-grep (0.31.1)

[warning] 68-68: Use of AES with ECB mode detected. ECB doesn't provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://owasp.org/Top10/A02_2021-Cryptographic_Failures
- https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

(use-of-aes-ecb-java)

---

[warning] 68-68: Triple DES (3DES or DESede) is considered deprecated. AES is the recommended cipher. Upgrade to use AES.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-326]: Inadequate Encryption Strength [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://find-sec-bugs.github.io/bugs.htm#TDES_USAGE
- https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA

(desede-is-deprecated-java)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e87a9a and e10bac9.

📒 Files selected for processing (1)

• src/main/java/org/runimo/runimo/auth/service/EncryptUtil.java (2 hunks)

🧰 Additional context used

🪛 ast-grep (0.31.1)

src/main/java/org/runimo/runimo/auth/service/EncryptUtil.java

[warning] 42-42: Use of AES with ECB mode detected. ECB doesn't provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://owasp.org/Top10/A02_2021-Cryptographic_Failures
- https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

(use-of-aes-ecb-java)

---

[warning] 68-68: Use of AES with ECB mode detected. ECB doesn't provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://owasp.org/Top10/A02_2021-Cryptographic_Failures
- https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

(use-of-aes-ecb-java)

---

[warning] 42-42: Triple DES (3DES or DESede) is considered deprecated. AES is the recommended cipher. Upgrade to use AES.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-326]: Inadequate Encryption Strength [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://find-sec-bugs.github.io/bugs.htm#TDES_USAGE
- https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA

(desede-is-deprecated-java)

---

[warning] 68-68: Triple DES (3DES or DESede) is considered deprecated. AES is the recommended cipher. Upgrade to use AES.
Context: Cipher.getInstance(CIPHER_TRANS)
Note: [CWE-326]: Inadequate Encryption Strength [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
- https://find-sec-bugs.github.io/bugs.htm#TDES_USAGE
- https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA

(desede-is-deprecated-java)

🔇 Additional comments (5)

src/main/java/org/runimo/runimo/auth/service/EncryptUtil.java (5)

3-4: Good use of StandardCharsets and SecureRandom.
These imports are appropriate for a secure and consistent implementation.

---

7-7: Proper import of GCMParameterSpec.
GCMParameterSpec is the recommended parameter spec for AES-GCM mode.

---

47-51: Concise logic for combining IV and ciphertext.
Prepending the IV clearly separates it from the ciphertext.

---

43-43: False positives in static analysis regarding ECB and 3DES.
The code is using AES/GCM/NoPadding, not ECB or 3DES. No action needed.

Also applies to: 69-69

---

17-22:

Details

❓ Verification inconclusive

Correct switch to AES/GCM with sensible parameters.
The constants (32-byte key, 12-byte IV, 128-bit tag) are security best practices for GCM. However, confirm your runtime environment allows 256-bit keys.

---

🏁 Script executed:

#!/bin/bash
# Check if the current environment supports AES 256-bit.
# If "AES_256" is present in the output, your environment likely supports it.
java -version
strings $(/usr/bin/dirname $(/usr/bin/readlink -f $(which java)))/../lib/security/local_policy.jar | grep -i "AES_256"
strings $(/usr/bin/dirname $(/usr/bin/readlink -f $(which java)))/../lib/security/policy/unlimited/local_policy.jar | grep -i "AES_256"

Length of output: 1193

---

Action Required: Confirm AES 256-bit Support in Your Java Runtime

The encryption constants (32-byte key, 12-byte IV, 128-bit tag) correctly follow AES/GCM best practices. However, our automated verification was inconclusive due to command errors (missing commands like which and strings), so we couldn’t confirm if your Java runtime supports AES 256-bit encryption. Please manually verify that the unlimited cryptography policy is enabled in your runtime environment (e.g., inspect the local_policy.jar and unlimited_policy.jar files).

• Code validations:
  • The constants in src/main/java/org/runimo/runimo/auth/service/EncryptUtil.java (lines 17-22) are correctly defined.
• Manual verification required:
  • Confirm that your Java environment (OpenJDK 17 in this case) supports AES 256-bit keys, ensuring unlimited cryptographic policy is in effect.

[jeeheaG]

좋습니다~~ 고생하셨어요