com.h3xstream.findsecbugs.crypto
Class StaticIvDetector
java.lang.Object
com.h3xstream.findsecbugs.crypto.StaticIvDetector
- All Implemented Interfaces:
- edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities
public class StaticIvDetector
- extends Object
- implements edu.umd.cs.findbugs.Detector
The main goal of the this detector is to find encryption being done with static initialization vector (IV).
By design, the IV should be change for every message encrypt by a system.
Note on the implementation
The strategy to find those occurrences is not to backtrack to find the potential source of the bytes being passed.
It will not be trigger if SecureRandom instance is use. Therefor, it is very likely to trigger false positive if the
encryption is separate from the IV generation.
| Fields inherited from interface edu.umd.cs.findbugs.Priorities |
EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY |
|
Constructor Summary |
StaticIvDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
StaticIvDetector
public StaticIvDetector(edu.umd.cs.findbugs.BugReporter bugReporter)
visitClassContext
public void visitClassContext(edu.umd.cs.findbugs.ba.ClassContext classContext)
- Specified by:
visitClassContext in interface edu.umd.cs.findbugs.Detector
report
public void report()
- Specified by:
report in interface edu.umd.cs.findbugs.Detector
Copyright © 2015. All rights reserved.