From ac7b94aaa298a4707884e6ef16836fe6e985e334 Mon Sep 17 00:00:00 2001
From: Andreas Dangel <andreas.dangel@adangel.org>
Date: Mon, 21 May 2018 11:52:11 +0200
Subject: [PATCH] The rule is new with 6.4.0. Sort alphabetically

---
 .../main/resources/category/java/security.xml | 47 +++++++++----------
 .../java/rule/security/SecurityRulesTest.java |  2 +-
 2 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/pmd-java/src/main/resources/category/java/security.xml b/pmd-java/src/main/resources/category/java/security.xml
index 91a64a883b..73fae75838 100644
--- a/pmd-java/src/main/resources/category/java/security.xml
+++ b/pmd-java/src/main/resources/category/java/security.xml
@@ -8,6 +8,29 @@
 Rules that flag potential security flaws.
     </description>
 
+    <rule name="HardCodedCryptoKey" since="6.4.0"
+          message="Do not use hard coded encryption keys"
+          class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
+          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
+        <description>
+Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
+        </description>
+        <priority>3</priority>
+        <example>
+<![CDATA[
+public class Foo {
+    void good() {
+        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
+    }
+
+    void bad() {
+        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
+    }
+}
+]]>
+        </example>
+    </rule>
+
     <rule name="InsecureCryptoIv"
           since="6.3.0"
           message="Do not use hard coded initialization vector in crypto operations"
@@ -39,28 +62,4 @@ public class Foo {
         </example>
     </rule>
 
-    <rule name="HardCodedCryptoKey" since="6.3.0"
-          message="Do not use hard coded encryption keys"
-          class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
-          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
-        <description>
-Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
-        </description>
-        <priority>3</priority>
-        <example>
-<![CDATA[
-public class Foo {
-    void good() {
-        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
-    }
-
-    void bad() {
-        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
-    }
-}
-]]>
-        </example>
-    </rule>
-
-
 </ruleset>
diff --git a/pmd-java/src/test/java/net/sourceforge/pmd/lang/java/rule/security/SecurityRulesTest.java b/pmd-java/src/test/java/net/sourceforge/pmd/lang/java/rule/security/SecurityRulesTest.java
index fd38a98e8a..b7a875f135 100644
--- a/pmd-java/src/test/java/net/sourceforge/pmd/lang/java/rule/security/SecurityRulesTest.java
+++ b/pmd-java/src/test/java/net/sourceforge/pmd/lang/java/rule/security/SecurityRulesTest.java
@@ -12,7 +12,7 @@ public class SecurityRulesTest extends SimpleAggregatorTst {
 
     @Override
     public void setUp() {
-        addRule(RULESET, "InsecureCryptoIv");
         addRule(RULESET, "HardCodedCryptoKey");
+        addRule(RULESET, "InsecureCryptoIv");
     }
 }