Skip to content

Test jaswanth #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Test jaswanth #54

wants to merge 2 commits into from

Conversation

jkosanam
Copy link
Collaborator

No description provided.

semgrep-code-digitalocean[bot]
semgrep-code-digitalocean bot reviewed Jul 25, 2025
View reviewed changes
src/util.ts
Comment on lines +176 to +180
const decipher = crypto.createDecipheriv(
'aes-256-gcm',
key,
Buffer.from(ivHex, 'hex')
);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:
The call to 'createDecipheriv' with the Galois Counter Mode (GCM) mode of operation is missing an expected authentication tag length. If the expected authentication tag length is not specified or otherwise checked, the application might be tricked into verifying a shorter-than-expected authentication tag. This can be abused by an attacker to spoof ciphertexts or recover the implicit authentication key of GCM, allowing arbitrary forgeries.

To resolve this comment:

✨ Commit Assistant fix suggestion

Suggested change
const decipher = crypto.createDecipheriv(
'aes-256-gcm',
key,
Buffer.from(ivHex, 'hex')
);
const decipher = crypto.createDecipheriv(
'aes-256-gcm',
key,
Buffer.from(ivHex, 'hex'),
{ authTagLength: 16 } // Specify the expected authentication tag length in bytes
);
View step-by-step instructions
  1. Pass an additional options object with the authTagLength property set to 16 as the fourth parameter to crypto.createDecipheriv. For example:
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivHex, 'hex'), { authTagLength: 16 });
  2. Make sure that the value for authTagLength matches the length of the authentication tag you use when calling decipher.setAuthTag.
    In AES-GCM, a typical tag length is 16 bytes (128 bits). This helps prevent attackers from supplying shorter authentication tags when decrypting.
  3. Review and update any other instances of createDecipheriv with a GCM mode in your codebase to use the authTagLength option as well.
💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by gcm-no-tag-length.

Questions about this issue? Reach out to Product Security in #prodsec-tools.

You can view more details about this finding in the Semgrep AppSec Platform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@semgrep-code-digitalocean semgrep-code-digitalocean[bot] semgrep-code-digitalocean[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jkosanam @code-by-jassu