comments

pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/HardCodedCryptoKeyRule.java

@@ -44,7 +44,6 @@ public class HardCodedCryptoKeyRule extends AbstractJavaRule {
         Set<ASTLocalVariableDeclaration> foundLocalVars = new HashSet<>();
 
         // find new javax.crypto.spec.SecretKeySpec("literal".getBytes(),...);
-
         List<ASTAllocationExpression> allocations = node.findDescendantsOfType(ASTAllocationExpression.class);
         for (ASTAllocationExpression allocation : allocations) {
 

pmd-java/src/main/resources/category/java/security.xml

@@ -44,7 +44,7 @@ public class Foo {
 		class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
 		externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
 		<description>
-Do not use hard coded encryption keys used in asymmetric cryptographic operations. Please store keys outside of source code.
+Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
         </description>
 		<priority>3</priority>
 		<example>

pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/security/xml/HardCodedCryptoKey.xml

@@ -4,7 +4,7 @@
 	xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests http://pmd.sourceforge.net/rule-tests_1_0_0.xsd">
 	<test-code>
 		<description><![CDATA[
-Hard coded inline crypto key, bad
+Hard coded inline cryptographic key, bad
      ]]></description>
 		<expected-problems>1</expected-problems>
 		<code><![CDATA[
@@ -21,7 +21,7 @@ Hard coded inline crypto key, bad
 
 	<test-code>
 		<description><![CDATA[
-Key stored in property, good
+Key stored in a property, good
      ]]></description>
 		<expected-problems>0</expected-problems>
 		<code><![CDATA[
@@ -38,7 +38,7 @@ Key stored in property, good
 
 	<test-code>
 		<description><![CDATA[
-Hard coded crypto key, bad
+Hard coded in field cryptographic key, bad
      ]]></description>
 		<expected-problems>1</expected-problems>
 		<code><![CDATA[