From f9ebe4c11986b1034faedb80cd57e07434b3ecc5 Mon Sep 17 00:00:00 2001
From: Sergey Gorbaty <sgorbaty@apple.com>
Date: Wed, 18 Apr 2018 10:25:12 -0700
Subject: [PATCH] Version change and use of shorthands

---
 .../rule/security/InsecureCryptoIvRule.java   | 11 +++----
 .../main/resources/category/java/security.xml | 29 +++++++++----------
 2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/InsecureCryptoIvRule.java b/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/InsecureCryptoIvRule.java
index 3266c7661c..95e9593b84 100644
--- a/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/InsecureCryptoIvRule.java
+++ b/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/InsecureCryptoIvRule.java
@@ -12,7 +12,6 @@ import net.sourceforge.pmd.lang.java.ast.ASTAllocationExpression;
 import net.sourceforge.pmd.lang.java.ast.ASTArrayInitializer;
 import net.sourceforge.pmd.lang.java.ast.ASTClassOrInterfaceDeclaration;
 import net.sourceforge.pmd.lang.java.ast.ASTClassOrInterfaceType;
-import net.sourceforge.pmd.lang.java.ast.ASTCompilationUnit;
 import net.sourceforge.pmd.lang.java.ast.ASTFieldDeclaration;
 import net.sourceforge.pmd.lang.java.ast.ASTLiteral;
 import net.sourceforge.pmd.lang.java.ast.ASTLocalVariableDeclaration;
@@ -34,13 +33,13 @@ import net.sourceforge.pmd.lang.java.rule.AbstractJavaRule;
  * javax.crypto.spec.IvParameterSpec must not be created from a static sources
  * 
  * @author sergeygorbaty
- * @since 6.3
+ * @since 6.3.0
  *
  */
 public class InsecureCryptoIvRule extends AbstractJavaRule {
 
     public InsecureCryptoIvRule() {
-        addRuleChainVisit(ASTCompilationUnit.class);
+        addRuleChainVisit(ASTClassOrInterfaceDeclaration.class);
     }
 
     @Override
@@ -61,10 +60,8 @@ public class InsecureCryptoIvRule extends AbstractJavaRule {
 
             ASTClassOrInterfaceType declClassName = allocation.getFirstDescendantOfType(ASTClassOrInterfaceType.class);
             if (declClassName != null) {
-                Class<?> foundClass = declClassName.getTypeDefinition() == null ? null
-                        : declClassName.getTypeDefinition().getType();
-
-                if (foundClass != null && foundClass.equals(javax.crypto.spec.IvParameterSpec.class)) {
+                Class<?> foundClass = declClassName.getType();
+                if (foundClass != null && javax.crypto.spec.IvParameterSpec.class.isAssignableFrom(foundClass)) {
                     ASTPrimaryExpression init = allocation.getFirstDescendantOfType(ASTPrimaryExpression.class);
                     if (init != null) {
                         ASTName name = init.getFirstDescendantOfType(ASTName.class);
diff --git a/pmd-java/src/main/resources/category/java/security.xml b/pmd-java/src/main/resources/category/java/security.xml
index 67b89c28e5..d148f3cdee 100644
--- a/pmd-java/src/main/resources/category/java/security.xml
+++ b/pmd-java/src/main/resources/category/java/security.xml
@@ -1,24 +1,23 @@
 <?xml version="1.0"?>
 
 <ruleset name="Security"
-    xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">
+	xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">
 
-    <description>
+	<description>
 Rules that flag potential security flaws.
     </description>
-    
-        <rule name="InsecureCryptoIv"
-          since="6.3"
-          message="Do not use hard coded initialization vector in crypto operations"
-          class="net.sourceforge.pmd.lang.java.rule.security.InsecureCryptoIvRule"
-          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#insecurecryptoiv">
-        <description>
+
+	<rule name="InsecureCryptoIv" since="6.3.0"
+		message="Do not use hard coded initialization vector in crypto operations"
+		class="net.sourceforge.pmd.lang.java.rule.security.InsecureCryptoIvRule"
+		externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#insecurecryptoiv">
+		<description>
 Do not use hard coded initialization vector in cryptographic operations. Please use a randomly generated IV.
         </description>
-        <priority>3</priority>
-        <example>
+		<priority>3</priority>
+		<example>
 <![CDATA[
 public class Foo {
     void good() {
@@ -38,7 +37,7 @@ public class Foo {
 }
 ]]>
         </example>
-    </rule>
-    
+	</rule>
+
 
 </ruleset>
\ No newline at end of file