Class InsecureCryptoIvRule

  • All Implemented Interfaces:
    JavaParserVisitor, ImmutableLanguage, PropertySource, Rule

    public class InsecureCryptoIvRule
    extends AbstractJavaRule
    Finds hardcoded static Initialization Vectors vectors used with cryptographic operations. //bad: byte[] ivBytes = new byte[] {32, 87, -14, 25, 78, -104, 98, 40}; //bad: byte[] ivBytes = "hardcoded".getBytes(); //bad: byte[] ivBytes = someString.getBytes();

    IvParameterSpec must not be created from a static sources

    Since:
    6.3.0
    Author:
    sergeygorbaty