Update metadata for v3.15.1 (#1157)

andrea-guarino-sonarsource · web-flow · commit 4f1d81a373ee · 2022-06-22T17:43:55.000+02:00
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5542.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S5542.html
@@ -1,15 +1,16 @@
-<p>Encryption operation mode and the padding scheme should be chosen appropriately to guarantee data confidentiality, integrity and authenticity:</p>
+<p>Encryption operations should use a secure mode and padding scheme so that confidentiality and integrity can be guaranteed.</p>
 <ul>
   <li> For block cipher encryption algorithms (like AES):
     <ul>
+      <li> The ECB (Electronic Codebook) cipher mode doesn’t provide serious message confidentiality: under a given key any given plaintext block
+      always gets encrypted to the same ciphertext block. This mode never be used. </li>
+      <li> The CBC (Cipher Block Chaining) mode by itself provides only data confidentiality. This cipher mode is also vulnerable to <a
+      href="https://en.wikipedia.org/wiki/Padding_oracle_attack">padding oracle attacks</a> when used with padding. Using CBC along with Message
+      Authentication Code can provide data integrity and should prevent such attacks. In practice the implementation has many pitfalls and it’s
+      recommended to avoid CBC with padding completely. </li>
       <li> The GCM (Galois Counter Mode) mode which <a href="https://en.wikipedia.org/wiki/Galois/Counter_Mode#Mathematical_basis">works
       internally</a> with zero/no padding scheme, is recommended, as it is designed to provide both data authenticity (integrity) and confidentiality.
       Other similar modes are CCM, CWC, EAX, IAPM and OCB. </li>
-      <li> The CBC (Cipher Block Chaining) mode by itself provides only data confidentiality, it’s recommended to use it along with Message
-      Authentication Code or similar to achieve data authenticity (integrity) too and thus to <a
-      href="https://en.wikipedia.org/wiki/Padding_oracle_attack">prevent padding oracle attacks</a>. </li>
-      <li> The ECB (Electronic Codebook) mode doesn’t provide serious message confidentiality: under a given key any given plaintext block always gets
-      encrypted to the same ciphertext block. This mode should not be used. </li>
     </ul>  </li>
   <li> For RSA encryption algorithm, the recommended padding scheme is OAEP. </li>
 </ul>
diff --git a/sonarpedia.json b/sonarpedia.json
@@ -3,7 +3,7 @@
   "languages": [
     "PY"
   ],
-  "latest-update": "2022-06-10T14:08:35.690806Z",
+  "latest-update": "2022-06-22T13:40:30.905937Z",
   "options": {
     "no-language-in-filenames": true,
     "preserve-filenames": true
