diff --git a/pmd-java/src/main/resources/category/java/security.xml b/pmd-java/src/main/resources/category/java/security.xml index 4d8ba3aa27..91a64a883b 100644 --- a/pmd-java/src/main/resources/category/java/security.xml +++ b/pmd-java/src/main/resources/category/java/security.xml @@ -37,30 +37,30 @@ public class Foo { } ]]> </example> - </rule> + </rule> - <rule name="HardCodedCryptoKey" since="6.3.0" - message="Do not use hard coded encryption keys" - class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule" - externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey"> - <description> + <rule name="HardCodedCryptoKey" since="6.3.0" + message="Do not use hard coded encryption keys" + class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule" + externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey"> + <description> Do not use hard coded values for cryptographic operations. Please store keys outside of source code. </description> - <priority>3</priority> - <example> + <priority>3</priority> + <example> <![CDATA[ public class Foo { void good() { - SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES"); + SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES"); } void bad() { - SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES"); + SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES"); } } ]]> </example> - </rule> + </rule> </ruleset>