com.h3xstream.findsecbugs.crypto

Class StaticIvDetector

java.lang.Object

com.h3xstream.findsecbugs.crypto.StaticIvDetector

All Implemented Interfaces:

edu.umd.cs.findbugs.Detector, edu.umd.cs.findbugs.Priorities

public class StaticIvDetector
extends Object
implements edu.umd.cs.findbugs.Detector

The main goal of the this detector is to find encryption being done with static initialization vector (IV). By design, the IV should be change for every message encrypt by a system.

Note on the implementation

The strategy to find those occurrences is not to backtrack to find the potential source of the bytes being passed. It will not be trigger if SecureRandom instance is use. Therefor, it is very likely to trigger false positive if the encryption is separate from the IV generation.

Field Summary

Fields inherited from interface edu.umd.cs.findbugs.Priorities

EXP_PRIORITY, HIGH_PRIORITY, IGNORE_PRIORITY, LOW_PRIORITY, NORMAL_PRIORITY

Constructor Summary

Constructors

Constructor and Description
StaticIvDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Summary

Modifier and Type	Method and Description
void	report()
void	visitClassContext(edu.umd.cs.findbugs.ba.ClassContext classContext)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

StaticIvDetector

public StaticIvDetector(edu.umd.cs.findbugs.BugReporter bugReporter)

Method Detail

visitClassContext

public void visitClassContext(edu.umd.cs.findbugs.ba.ClassContext classContext)

Specified by:

visitClassContext in interface edu.umd.cs.findbugs.Detector

report

public void report()

Specified by:

report in interface edu.umd.cs.findbugs.Detector