The rule is new with 6.4.0. Sort alphabetically

2018-05-21 11:52:11 +02:00
parent 4d31d1fb04
commit ac7b94aaa2
2 changed files with 24 additions and 25 deletions
--- a/pmd-java/src/main/resources/category/java/security.xml
+++ b/pmd-java/src/main/resources/category/java/security.xml
@@ -8,6 +8,29 @@
 Rules that flag potential security flaws.
    </description>

+    <rule name="HardCodedCryptoKey" since="6.4.0"
+          message="Do not use hard coded encryption keys"
+          class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
+          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
+        <description>
+Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
+        </description>
+        <priority>3</priority>
+        <example>
+<![CDATA[
+public class Foo {
+    void good() {
+        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
+    }
+
+    void bad() {
+        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
+    }
+}
+]]>
+        </example>
+    </rule>
+
    <rule name="InsecureCryptoIv"
          since="6.3.0"
          message="Do not use hard coded initialization vector in crypto operations"
@@ -39,28 +62,4 @@ public class Foo {
        </example>
    </rule>

-    <rule name="HardCodedCryptoKey" since="6.3.0"
-          message="Do not use hard coded encryption keys"
-          class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
-          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
-        <description>
-Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
-        </description>
-        <priority>3</priority>
-        <example>
-<![CDATA[
-public class Foo {
-    void good() {
-        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
-    }
-
-    void bad() {
-        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
-    }
-}
-]]>
-        </example>
-    </rule>
-
-
 </ruleset>
--- a/pmd-java/src/test/java/net/sourceforge/pmd/lang/java/rule/security/SecurityRulesTest.java
+++ b/pmd-java/src/test/java/net/sourceforge/pmd/lang/java/rule/security/SecurityRulesTest.java
@@ -12,7 +12,7 @@ public class SecurityRulesTest extends SimpleAggregatorTst {

    @Override
    public void setUp() {
-        addRule(RULESET, "InsecureCryptoIv");
        addRule(RULESET, "HardCodedCryptoKey");
+        addRule(RULESET, "InsecureCryptoIv");
    }
 }