Home | History | Annotate | Download | only in annotations 
      1 /* Copyright 2018 Google LLC
      2  *
      3  * Licensed under the Apache License, Version 2.0 (the "License");
      4  * you may not use this file except in compliance with the License.
      5  * You may obtain a copy of the License at
      6  *
      7  *     https://www.apache.org/licenses/LICENSE-2.0
      8  *
      9  * Unless required by applicable law or agreed to in writing, software
     10  * distributed under the License is distributed on an "AS IS" BASIS,
     11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     12  * See the License for the specific language governing permissions and
     13  * limitations under the License.
     14  */
     15 package com.google.security.annotations;
     16 
     17 import java.lang.annotation.Documented;
     18 import java.lang.annotation.ElementType;
     19 import java.lang.annotation.Retention;
     20 import java.lang.annotation.RetentionPolicy;
     21 import java.lang.annotation.Target;
     22 
     23 import javax.crypto.Cipher;
     24 
     25 /**
     26  * This annotation is used to disable the InsecureCipherMode Error Prone checker for legacy code
     27  * that didn't undergo a security review by ISE.
     28  *
     29  * <p>A {@link Cipher} object is created using one of the overloads of the
     30  * {@link Cipher#getInstance()} method. This method takes a specification of the transformer either
     31  * as a triple "Algorithm/Mode/Padding" or just "Algorithm", using the provider's default settings.
     32  * The InsecureCipherMode checker implemented in Error Prone flags all call sites of
     33  * {@link Cipher#getInstance()}, where either the insecure ECB mode or the provider's default mode
     34  * is used. This method annotation is used to suppress the Error Prone checker for legacy code
     35  * without review by ISE. The annotation is BUILD-visibility restricted and every use must be vetted
     36  * by the ISE team.
     37  *
     38  * <p>Example of usage:
     39  * <pre>
     40  * {@code
     41  * @SuppressInsecureCipherModeCheckerNoReview
     42  * private String decrypt(String[] input) {
     43  * Cipher aesCipher = Cipher.getInstance("AES");
     44  * aesCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rawKeyMaterial, "AES"));
     45  * // ...
     46  * }
     47  * }
     48  * </pre>
     49  *
     50  * @author avenet (at) google.com (Arnaud J. Venet)
     51  *
     52  */
     53 @Documented
     54 @Target({ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER, ElementType.CONSTRUCTOR,
     55     ElementType.LOCAL_VARIABLE})
     56 @Retention(RetentionPolicy.SOURCE)
     57 public @interface SuppressInsecureCipherModeCheckerNoReview {}
     58