Incorrect Hex Conversion

Description

The application is using `Integer.toHexString` on a digest array buffer which may lead to an incorrect version of values. Consider using the `java.util.HexFormat` object introduced in Java 17. For older Java applications, consider using the `javax.xml.bind.DatatypeConverter`.

Examples

Insecure Code

java

Integer.toHexString(byteArray[0])

Secure Code

java

HexFormat.of().formatHex(byteArray)

Remediation

Use `java.util.HexFormat` or `javax.xml.bind.DatatypeConverter` for hex conversion.

Rule Details

Field	Value
ID	CODE-0724
Category	Generic
Severity	MEDIUM
CWE	CWE-704
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	hex conversion, Integer.toHexString
OWASP	A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Incorrect Hex Conversion

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Incorrect Hex Conversion ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Incorrect Hex Conversion

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details