Class InsecureCryptoIvRule

  • All Implemented Interfaces:
    AstVisitor, JavaVisitor, Rule, PropertySource

    public class InsecureCryptoIvRule
    extends AbstractJavaRulechainRule
    Finds hardcoded static Initialization Vectors vectors used with cryptographic operations. //bad: byte[] ivBytes = new byte[] {32, 87, -14, 25, 78, -104, 98, 40}; //bad: byte[] ivBytes = "hardcoded".getBytes(); //bad: byte[] ivBytes = someString.getBytes();

    IvParameterSpec must not be created from a static sources

    Author:
    sergeygorbaty
    Since:
    6.3.0