whitespaces, javadoc

pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/security/InsecureCryptoIvRule.java

@@ -21,12 +21,14 @@ import net.sourceforge.pmd.lang.java.typeresolution.TypeHelper;
 /**
  * Finds hardcoded static Initialization Vectors vectors used with cryptographic
  * operations.
- * 
+ *
+ * <code>
  * //bad: byte[] ivBytes = new byte[] {32, 87, -14, 25, 78, -104, 98, 40};
- * //bad: byte[] ivBytes = "hardcoded".getBytes(); //bad: byte[] ivBytes =
- * someString.getBytes();
- * 
- * javax.crypto.spec.IvParameterSpec must not be created from a static sources
+ * //bad: byte[] ivBytes = "hardcoded".getBytes();
+ * //bad: byte[] ivBytes = someString.getBytes();
+ * </code>
+ *
+ * <p>{@link javax.crypto.spec.IvParameterSpec} must not be created from a static sources
  * 
  * @author sergeygorbaty
  * @since 6.3.0

pmd-java/src/main/resources/category/java/security.xml

@@ -8,7 +8,8 @@
 Rules that flag potential security flaws.
     </description>
 
-    <rule name="HardCodedCryptoKey" since="6.4.0"
+    <rule name="HardCodedCryptoKey"
+          since="6.4.0"
           message="Do not use hard coded encryption keys"
           class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
           externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
@@ -56,7 +57,6 @@ public class Foo {
     void alsoBad() {
         byte[] iv = "secret iv in here".getBytes();
     }
-    
 }
 ]]>
         </example>

pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/security/xml/InsecureCryptoIv.xml

@@ -1,140 +1,124 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <test-data xmlns="http://pmd.sourceforge.net/rule-tests"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests http://pmd.sourceforge.net/rule-tests_1_0_0.xsd">
-	<test-code>
-		<description><![CDATA[
-Hard coded inline IvSpec, bad
-     ]]></description>
-		<expected-problems>1</expected-problems>
-		<code><![CDATA[
- import javax.crypto.spec.IvParameterSpec;       
- import javax.crypto.Cipher;   
- 
- public class Foo {
- 
- 	void outOfScope() {
- 		byte[] ivBytes = new byte[16];  	 	
- 	}
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests http://pmd.sourceforge.net/rule-tests_1_0_0.xsd">
+    <test-code>
+        <description>Hard coded inline IvSpec, bad</description>
+        <expected-problems>1</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.Cipher;
+
+public class Foo {
+
+    void outOfScope() {
+        byte[] ivBytes = new byte[16];
+    }
     byte[] ivBytes = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, };  	
 
- 	void encrypt() {
-		Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-		cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(ivBytes));		 
-	}
+    void encrypt() {
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(ivBytes));
+    }
 }
-     ]]></code>
-	</test-code>
-	<test-code>
-		<description><![CDATA[
-Randomly generated IV, good 
-     ]]></description>
-		<expected-problems>0</expected-problems>
-		<code><![CDATA[
- import javax.crypto.spec.IvParameterSpec;       
- 
- public class Foo {
+        ]]></code>
+    </test-code>
+    <test-code>
+        <description>Randomly generated IV, good</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
 
- 	void encrypt(SecretKeySpec key) {
- 	    byte[] ivBytes = new byte[key.getEncoded().length];
+public class Foo {
+
+    void encrypt(SecretKeySpec key) {
+        byte[] ivBytes = new byte[key.getEncoded().length];
         Util.getSecureRandom().nextBytes(ivBytes);
-		IvParameterSpec iv = new IvParameterSpec(ivBytes);
-	}
+        IvParameterSpec iv = new IvParameterSpec(ivBytes);
+    }
 }
-     ]]></code>
-	</test-code>
-	<test-code>
-		<description><![CDATA[
-Hard coded Iv from string, bad
-     ]]></description>
-		<expected-problems>1</expected-problems>
-		<code><![CDATA[
- import javax.crypto.spec.IvParameterSpec;       
- 
- public class Foo {
+        ]]></code>
+    </test-code>
+    <test-code>
+        <description>Hard coded Iv from string, bad</description>
+        <expected-problems>1</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
 
- 	void encrypt() {
-		byte[] staticIv = "ALL_ZEROS_HERE".getBytes();
-		IvParameterSpec iv = new IvParameterSpec(staticIv);
-	}
-}
-     ]]></code>
-	</test-code>
-	<test-code>
-		<description><![CDATA[
-Hard coded Iv field, bad
-     ]]></description>
-		<expected-problems>1</expected-problems>
-		<code><![CDATA[
- import javax.crypto.spec.IvParameterSpec;       
- 
- public class Foo {
- 	
- 	byte[] ivBytes = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, }; 
- 	
- 	void encrypt() {
-		
-		IvParameterSpec iv = new IvParameterSpec(ivBytes);
-	}
-}
-     ]]></code>
-	</test-code>
-	<test-code>
-		<description><![CDATA[
-Hard coded Iv local var, bad
-     ]]></description>
-		<expected-problems>1</expected-problems>
-		<code><![CDATA[
- import javax.crypto.spec.IvParameterSpec;       
- 
- public class Foo {
-
- 	void encrypt() {
-		byte[] ivBytes = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, }; 
-		IvParameterSpec iv = new IvParameterSpec(ivBytes);
-	}
-}
-     ]]></code>
-	</test-code>
-	<test-code>
-		<description><![CDATA[
-Random IV, good
-     ]]></description>
-		<expected-problems>0</expected-problems>
-		<code><![CDATA[
-import javax.crypto.spec.IvParameterSpec;        
-import java.security.SecureRandom;        
-        
 public class Foo {
- 	void encrypt() {
-		byte[] iv = new byte[16];
-		SecureRandom sprng = new SecureRandom();
-		sprng.nextBytes(iv); 
-		IvParameterSpec ivs = new IvParameterSpec(ivBytes);
-	}	
-}
-     ]]></code>
-	</test-code>
-	<test-code>
-		<description><![CDATA[
-Inline IvSpec Random IV, good
-     ]]></description>
-		<expected-problems>0</expected-problems>
-		<code><![CDATA[
-import javax.crypto.spec.IvParameterSpec;        
-import java.security.SecureRandom;     
-import javax.crypto.Cipher;   
-        
-public class Foo {
- 	void encrypt() {
-		byte[] iv = new byte[16];
-		SecureRandom sprng = new SecureRandom();
-		sprng.nextBytes(iv);
-		Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-		cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv));		 
-	}	
-}
-     ]]></code>
-	</test-code>
 
+    void encrypt() {
+        byte[] staticIv = "ALL_ZEROS_HERE".getBytes();
+        IvParameterSpec iv = new IvParameterSpec(staticIv);
+    }
+}
+        ]]></code>
+    </test-code>
+    <test-code>
+        <description>Hard coded Iv field, bad</description>
+        <expected-problems>1</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
+
+public class Foo {
+
+    byte[] ivBytes = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, };
+
+    void encrypt() {
+        IvParameterSpec iv = new IvParameterSpec(ivBytes);
+    }
+}
+        ]]></code>
+    </test-code>
+    <test-code>
+        <description>Hard coded Iv local var, bad</description>
+        <expected-problems>1</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
+
+public class Foo {
+
+    void encrypt() {
+        byte[] ivBytes = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, };
+        IvParameterSpec iv = new IvParameterSpec(ivBytes);
+    }
+}
+        ]]></code>
+    </test-code>
+    <test-code>
+        <description>Random IV, good</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
+import java.security.SecureRandom;
+
+public class Foo {
+    void encrypt() {
+        byte[] iv = new byte[16];
+        SecureRandom sprng = new SecureRandom();
+        sprng.nextBytes(iv); 
+        IvParameterSpec ivs = new IvParameterSpec(ivBytes);
+    }
+}
+        ]]></code>
+    </test-code>
+    <test-code>
+        <description>Inline IvSpec Random IV, good</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+import javax.crypto.spec.IvParameterSpec;
+import java.security.SecureRandom;
+import javax.crypto.Cipher;
+
+public class Foo {
+    void encrypt() {
+        byte[] iv = new byte[16];
+        SecureRandom sprng = new SecureRandom();
+        sprng.nextBytes(iv);
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv));
+    }
+}
+        ]]></code>
+    </test-code>
 </test-data>