Update documentation

Travis CI (pmd-bot)
2018-04-23 19:20:29 +00:00
parent ba6f3fb5cb
commit 260f1da440
3 changed files with 55 additions and 0 deletions


@ -172,6 +172,9 @@ entries:
- title: Performance
output: web, pdf
url: /pmd_rules_java_performance.html
- title: Security
output: web, pdf
url: /pmd_rules_java_security.html
- title: null
output: web, pdf
subfolders:


@ -323,6 +323,12 @@ folder: pmd/rules
* [UseStringBufferForStringAppends](pmd_rules_java_performance.html#usestringbufferforstringappends): The use of the '+=' operator for appending strings causes the JVM to create and use an internal S...
* [UseStringBufferLength](pmd_rules_java_performance.html#usestringbufferlength): Use StringBuffer.length() to determine StringBuffer length rather than using StringBuffer.toStrin...
## Security
{% include callout.html content="Rules that flag potential security flaws." %}
* [InsecureCryptoIv](pmd_rules_java_security.html#insecurecryptoiv): Do not use hard coded initialization vector in cryptographic operations. Please use a randomly ge...
## Additional rulesets
* Android (`rulesets/java/android.xml`):


@ -0,0 +1,46 @@
---
title: Security
summary: Rules that flag potential security flaws.
permalink: pmd_rules_java_security.html
folder: pmd/rules/java
sidebaractiveurl: /pmd_rules_java.html
editmepath: ../pmd-java/src/main/resources/category/java/security.xml
keywords: Security, InsecureCryptoIv
language: Java
---
## InsecureCryptoIv
**Since:** PMD 6.3.0
**Priority:** Medium (3)
Do not use hard coded initialization vector in cryptographic operations. Please use a randomly generated IV.
**This rule is defined by the following Java class:** [net.sourceforge.pmd.lang.java.rule.security.InsecureCryptoIvRule](https://github.com/pmd/pmd/blob/master/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/InsecureCryptoIvRule.java)
**Example(s):**
``` java
public class Foo {
void good() {
SecureRandom random = new SecureRandom();
byte iv[] = new byte[16];
random.nextBytes(bytes);
}
void bad() {
byte[] iv = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, };
}
void alsoBad() {
byte[] iv = "secret iv in here".getBytes();
}
}
```
**Use this rule by referencing it:**
``` xml
<rule ref="category/java/security.xml/InsecureCryptoIv" />
```
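Review bot: In the `good()` example, `random.nextBytes(bytes);` fills a variable `bytes` that is never declared, so the snippet does not compile, and the `iv` array it is meant to randomize would stay all zeros. It should read `random.nextBytes(iv);`. The `editmepath` points at `../pmd-java/src/main/resources/category/java/security.xml`, so the correction belongs in the rule's example there rather than in this page. While touching that example, `byte iv[]` in `good()` could use the same `byte[] iv` form as `bad()` and `alsoBad()`, and the description would read better as "Do not use a hard-coded initialization vector".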