SonarQube issue when using the aes-256-cbc algorithm, stating "Make sure that encrypting data is safe here"


I am using SonarQube for code quality on my Node.js app. I am using the npm crypto package to encrypt and decrypt.

SonarQube threw this issue:

Make sure that encrypting data is safe here.

The issue is flagged at the code snippet below:

const crypto = require('crypto');
let cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(secret_obj.key), crypto.randomBytes(16));

I see this

The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Galois/Counter Mode (GCM) with no padding should be preferred to the following combinations, which are not secure:

Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.

Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.

But it is not clear to me, so what is the way to clear this issue in a Node.js app?

