Fix static scan issue by updating AES cipher mode #25603

Open
wants to merge 1 commit into
base: master

Dilli-Babu-Godari
Contributor

@Dilli-Babu-Godari Dilli-Babu-Godari commented Jul 23, 2025

Description

Changed AES cipher mode from AES/CBC/PKCS5Padding to AES/CTR/NoPadding.

Motivation and Context

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes
*  Fix static scan issue by updating AES cipher mode :pr: '25603'

@Dilli-Babu-Godari Dilli-Babu-Godari requested a review from a team as a code owner July 23, 2025 10:22
@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jul 23, 2025
linux-foundation-easycla bot commented Jul 23, 2025

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: Dilli-Babu-Godari (c7e897c)

@prestodb-ci prestodb-ci requested review from a team, namya28 and sh-shamsan and removed request for a team July 23, 2025 10:22
Changed AES cipher mode from AES/CBC/PKCS5Padding to AES/CTR/NoPadding.
@sh-shamsan
Contributor

Could you add a bit of background on what issue led to this switch? Context would be nice in the PR description for future reference.

@Dilli-Babu-Godari
Contributor Author

> Could you add a bit of background on what issue led to this switch? Context would be nice in the PR description for future reference.

A static scan has flagged the issue that usage of padding leads to potential security risks, and to change it to a different encryption process. So I checked whether AES/CBC has any NoPadding option to fix this, but it doesn't provide that option. So I went with AES/CTR: it offers the NoPadding option, and updating to CTR doesn't compromise the encryption of data.
It is actually safer than CBC mode.
https://crypto.stackexchange.com/questions/6029/aes-cbc-mode-or-aes-ctr-mode-recommended
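
An added Java example, not part of this thread or of the Presto code base, for the mode change discussed above: it encrypts a constructed sample string with `AES/CTR/NoPadding` and with `AES/GCM/NoPadding`, alters one ciphertext byte, and decrypts each. The class name `CipherModeCheck`, the helper `run`, the random key and IVs, and the sample message are assumptions made for the illustration; both modes are unpadded, but only GCM carries a tag that causes the altered ciphertext to be rejected.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not Presto code. Key, IVs and the sample message are constructed.
public class CipherModeCheck
{
    static byte[] run(String transformation, int opMode, SecretKeySpec key, AlgorithmParameterSpec params, byte[] input) throws Exception
    {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(opMode, key, params);
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception
    {
        SecureRandom random = new SecureRandom();
        byte[] keyBytes = new byte[16];
        random.nextBytes(keyBytes);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        byte[] message = "sample-record-0001".getBytes(StandardCharsets.UTF_8);

        // AES/CTR/NoPadding: needs a fresh 16-byte counter block per message; reusing one under the same key is unsafe.
        byte[] ctrIv = new byte[16];
        random.nextBytes(ctrIv);
        byte[] ctr = run("AES/CTR/NoPadding", Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ctrIv), message);
        ctr[5] ^= 0x01; // simulate a single bit changed in storage or in transit
        byte[] ctrOut = run("AES/CTR/NoPadding", Cipher.DECRYPT_MODE, key, new IvParameterSpec(ctrIv), ctr);
        System.out.println("CTR decrypted modified ciphertext without error: " + new String(ctrOut, StandardCharsets.UTF_8));

        // AES/GCM/NoPadding: also unpadded, and the 128-bit tag authenticates the ciphertext.
        byte[] gcmNonce = new byte[12];
        random.nextBytes(gcmNonce);
        byte[] gcm = run("AES/GCM/NoPadding", Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, gcmNonce), message);
        gcm[5] ^= 0x01; // same single-bit change
        try {
            run("AES/GCM/NoPadding", Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, gcmNonce), gcm);
            System.out.println("GCM accepted modified ciphertext");
        }
        catch (AEADBadTagException e) {
            System.out.println("GCM rejected modified ciphertext: " + e.getMessage());
        }
    }
}
```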

Contributor

@namya28 namya28 left a comment

Could you please ensure that all the CI checks pass?
