The ApexBadCrypto test has an issue where it will miss a hard coded IV or Key if it is inline in the code rather than being predeclared. So, for example, this will be caught by the test:
public without sharing class Foo {
Blob hardCodedIV = Blob.valueOf('Hardcoded IV 123');
Blob hardCodedKey = Blob.valueOf('0000000000000000');
Blob data = Blob.valueOf('Data to be encrypted');
Blob encrypted = Crypto.encrypt('AES128', hardCodedKey, hardCodedIV, data);
}
But this will not:
public without sharing class Foo {
Blob encrypted = Crypto.encrypt('AES128', Blob.valueOf('Hardcoded IV 123'), Blob.valueOf('0000000000000000'),
Blob.valueOf('Data to be encrypted'));
}
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4