To perform secure cryptography, the mode of operation and the padding scheme are essential and must be chosen correctly for the encryption algorithm. A mode or padding that leaks plaintext structure, or that lets an attacker modify ciphertext without detection, weakens the cipher regardless of how well the key is protected, which is why an authenticated mode is the safe default:

Noncompliant Code Example

crypto built-in module:

const crypto = require("crypto"); // key and iv: Buffers of the length the cipher expects (16 bytes each for AES-128-CBC)
crypto.createCipheriv("AES-128-CBC", key, iv); // Noncompliant: CBC with PKCS#7 padding (the default) and no authentication is vulnerable to padding oracle attacks
crypto.createCipheriv("AES-128-ECB", key, ""); // Noncompliant: ECB encrypts identical plaintext blocks to identical ciphertext blocks and doesn't provide serious message confidentiality

Compliant Solution

crypto built-in module:

const cipher = crypto.createCipheriv("AES-256-GCM", key, iv); // Compliant: iv must be a fresh random 12-byte value for every message encrypted under this key
// store cipher.getAuthTag() alongside the ciphertext; the receiver must pass it to decipher.setAuthTag() so any tampering makes decipher.final() throw

See