joerg
/
elx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
2.2.1.0
2.2.1.1
2.2.1.10
2.2.1.11
2.2.1.13
2.2.1.14
2.2.1.15
2.2.1.16
2.2.1.19
2.2.1.2
2.2.1.20
2.2.1.21
2.2.1.22
2.2.1.23
2.2.1.24
2.2.1.27
2.2.1.29
2.2.1.3
2.2.1.30
2.2.1.31
2.2.1.32
2.2.1.33
2.2.1.34
2.2.1.35
2.2.1.36
2.2.1.37
2.2.1.39
2.2.1.4
2.2.1.41
2.2.1.44
2.2.1.45
2.2.1.46
2.2.1.47
2.2.1.48
2.2.1.49
2.2.1.5
2.2.1.50
2.2.1.6
2.2.1.7
2.2.1.9
5.0.1.0
5.0.1.1
5.1.1
5.2.2.0
5.3.0.0
5.3.0.1
6.3.2.0
6.3.2.1
6.3.2.2
6.3.2.3
6.3.2.4
6.3.2.5
6.3.2.6
6.3.2.7
6.3.2.8
7,10,2,31
7.10.2.0
7.10.2.1
7.10.2.11
7.10.2.12
7.10.2.13
7.10.2.14
7.10.2.15
7.10.2.16
7.10.2.17
7.10.2.18
7.10.2.19
7.10.2.2
7.10.2.21
7.10.2.22
7.10.2.23
7.10.2.24
7.10.2.25
7.10.2.26
7.10.2.27
7.10.2.28
7.10.2.29
7.10.2.3
7.10.2.30
7.10.2.32
7.10.2.33
7.10.2.34
7.10.2.35
7.10.2.36
7.10.2.37
7.10.2.38
7.10.2.39
7.10.2.4
7.10.2.40
7.10.2.41
7.10.2.42
7.10.2.43
7.10.2.44
7.10.2.45
7.10.2.6
7.10.2.7
7.10.2.8
7.10.2.9
7.6.1.0
7.6.1.1
7.6.1.3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2.2.1.33'
${ noResults }
elx/config/pmd/category/java/security.xml

66 lines
2.1 KiB
XML
Raw Permalink Blame History

<?xml version="1.0"?>
<ruleset name="Security" xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
<description>
Rules that flag potential security flaws.
</description>
<rule name="HardCodedCryptoKey"
since="6.4.0"
message="Do not use hard coded encryption keys"
class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
<description>
Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
</description>
<priority>3</priority>
<example>
<![CDATA[
public class Foo {
void good() {
SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
}
void bad() {
SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
}
}
]]>
</example>
</rule>
<rule name="InsecureCryptoIv"
since="6.3.0"
message="Do not use hard coded initialization vector in crypto operations"
class="net.sourceforge.pmd.lang.java.rule.security.InsecureCryptoIvRule"
externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#insecurecryptoiv">
<description>
Do not use hard coded initialization vector in cryptographic operations. Please use a randomly generated IV.
</description>
<priority>3</priority>
<example>
<![CDATA[
public class Foo {
void good() {
SecureRandom random = new SecureRandom();
byte iv[] = new byte[16];
random.nextBytes(bytes);
}
void bad() {
byte[] iv = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, };
}
void alsoBad() {
byte[] iv = "secret iv in here".getBytes();
}
}
]]>
</example>
</rule>
</ruleset>
Reference in New Issue View Git Blame Copy Permalink