Affects PMD Version: 6.35.0
Rule: HardcodedCryptoKey
Please provide the rule name and a link to the rule documentation:
https://pmd.github.io/pmd-6.35.0/pmd_rules_java_security.html#hardcodedcryptokey
Description:
PMD should have reported a warning to detect the bug at line 9, because when str is assigned a string constant in the true branch, the program will have a security flaw.
Code Sample demonstrating the issue:
public void testHardCodedCryptoKey(boolean tag) {
    String str;
    if(tag) {
        str = "Hardcoded Crypto Key1";
    }
    else {
        str = "Hardcoded Crypto Key2";
    }
    SecretKeySpec secretKeySpec = new SecretKeySpec(str.getBytes(), "AES"); // should report a warning here
}
Expected outcome:
PMD should report a violation at line 9, but doesn't. This is a false-negative.
Running PMD through: [Maven]
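For contrast with the sample above, an added example (not part of the original issue and not PMD's code) that builds the key from material supplied at runtime, so that no string constant reaches SecretKeySpec on any branch. The class name, the method name and the environment variable APP_AES_KEY_B64 are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.spec.SecretKeySpec;

public class RuntimeKeyExample {

    // Assumed variable name, not from the issue. In a deployment the value
    // would be injected by a secrets manager or similar, never committed.
    static final String KEY_ENV_VAR = "APP_AES_KEY_B64";

    // Builds an AES key from Base64 text supplied at runtime.
    // Rejects missing input and any length that is not a valid AES key size,
    // because SecretKeySpec itself accepts arbitrary byte lengths.
    static SecretKeySpec aesKeyFromBase64(String encoded) {
        if (encoded == null || encoded.trim().isEmpty()) {
            throw new IllegalStateException("AES key material is not configured");
        }
        // Throws IllegalArgumentException if the text is not valid Base64.
        byte[] raw = Base64.getDecoder().decode(encoded.trim());
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            throw new IllegalStateException(
                    "AES key must be 16, 24 or 32 bytes, got " + raw.length);
        }
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) {
        String encoded = System.getenv(KEY_ENV_VAR);
        if (encoded == null) {
            // Constructed stand-in for a provisioned secret: a fresh random
            // 256-bit key, so the example runs without any configuration.
            byte[] random = new byte[32];
            new SecureRandom().nextBytes(random);
            encoded = Base64.getEncoder().encodeToString(random);
        }
        SecretKeySpec key = aesKeyFromBase64(encoded);
        System.out.println(key.getAlgorithm() + " key, "
                + key.getEncoded().length * 8 + " bits");
    }
}
```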