You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ApexBadCrypto test has an issue where it will miss a hard coded IV or Key if it is inline in the code rather than being predeclared. So, for example, this will be caught by the test:
publicwithoutsharingclassFoo {
BlobhardCodedIV = Blob.valueOf('Hardcoded IV 123');
BlobhardCodedKey = Blob.valueOf('0000000000000000');
Blobdata = Blob.valueOf('Data to be encrypted');
Blobencrypted = Crypto.encrypt('AES128', hardCodedKey, hardCodedIV, data);
}
But this will not:
publicwithoutsharingclassFoo {
Blobencrypted = Crypto.encrypt('AES128', Blob.valueOf('Hardcoded IV 123'), Blob.valueOf('0000000000000000'),
Blob.valueOf('Data to be encrypted'));
}
The text was updated successfully, but these errors were encountered:
The ApexBadCrypto test has an issue where it will miss a hard coded IV or Key if it is inline in the code rather than being predeclared. So, for example, this will be caught by the test:
But this will not:
The text was updated successfully, but these errors were encountered: