java.lang.security.audit.crypto.no-static-initialization-vector.no-static-initialization-vector


Initialization Vectors (IVs) for block ciphers should be randomly generated each time they are used. Using a static IV means the same plaintext encrypts to the same ciphertext every time, weakening the strength of the encryption.


Definition

# Semgrep rule: flags a byte-array literal that is later wrapped in an
# IvParameterSpec, either as a local in the same method or as a class field.
# Ported from the Find Security Bugs STATIC_IV detector (see source-rule-url).
rules:
  - id: no-static-initialization-vector
    message: Initialization Vectors (IVs) for block ciphers should be randomly
      generated each time they are used. Using a static IV means the same
      plaintext encrypts to the same ciphertext every time, weakening the
      strength of the encryption.
    metadata:
      cwe:
        - "CWE-329: Generation of Predictable IV with CBC Mode"
      owasp:
        - A02:2021 - Cryptographic Failures
      source-rule-url: https://find-sec-bugs.github.io/bugs.htm#STATIC_IV
      asvs:
        section: V6 Stored Cryptography Verification Requirements
        control_id: 6.2.5 Insecure Algorithm
        control_url: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x14-V6-Cryptography.md#v62-algorithms
        version: "4"
      references:
        - https://cwe.mitre.org/data/definitions/329.html
      category: security
      technology:
        - java
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Cryptographic Issues
    severity: WARNING
    languages:
      - java
    # Either pattern fires. Both require the IV to be an array literal
    # (`{ ... }`); a buffer filled at runtime (e.g. via nextBytes) is not matched.
    pattern-either:
      # Case 1: the literal is a local of the same method that builds the
      # IvParameterSpec.
      - pattern: |
          byte[] $IV = {
              ...
          };
          ...
          new IvParameterSpec($IV, ...);
      # Case 2: the literal is a field of the class and a method of that class
      # wraps it in an IvParameterSpec.
      - pattern: |
          class $CLASS {
              byte[] $IV = {
                  ...
              };
              ...
              $METHOD(...) {
                  ...
                  new IvParameterSpec($IV, ...);
                  ...
              }
          }

Examples

no-static-initialization-vector.java

/**
 * Negative example (rule must fire): the IV is a hard-coded array literal
 * declared in the same constructor that wraps it in an {@code IvParameterSpec}.
 */
public class StaticIV {

    public StaticIV() {
        // A fixed all-zero IV is reused for every encryption under the same key,
        // so equal plaintexts produce equal ciphertexts (the rule's message).
        // ruleid: no-static-initialization-vector
        byte[] iv = {
            (byte) 0, (byte) 0, (byte) 0, (byte) 0,
            (byte) 0, (byte) 0, (byte) 0, (byte) 0,
            (byte) 0, (byte) 0, (byte) 0, (byte) 0,
            (byte) 0, (byte) 0, (byte) 0, (byte) 0
        };

        IvParameterSpec staticIvSpec = new IvParameterSpec(iv);

        // The SecureRandom passed to init() does not replace an explicitly supplied
        // IV, so it does not make this call safe. `c` and `skeySpec` are not
        // declared in this snippet — presumably fields of the surrounding fixture.
        c.init(Cipher.ENCRYPT_MODE, skeySpec, staticIvSpec, new SecureRandom());
    }
}

// ruleid: no-static-initialization-vector
public class StaticIV2 {
    // Negative example (rule must fire): the hard-coded IV is a class field and
    // a method of the class wraps it in an IvParameterSpec (rule's second pattern).
    // ruleid: no-static-initialization-vector
    byte[] iv = {
        (byte) 0, (byte) 0, (byte) 0, (byte) 0,
        (byte) 0, (byte) 0, (byte) 0, (byte) 0,
        (byte) 0, (byte) 0, (byte) 0, (byte) 0,
        (byte) 0, (byte) 0, (byte) 0, (byte) 0
    };


    public StaticIV2() {
        IvParameterSpec staticIvSpec = new IvParameterSpec(iv);

        // The SecureRandom argument does not override the IV given in the spec.
        // `c` and `skeySpec` are not declared in this snippet.
        c.init(Cipher.ENCRYPT_MODE, skeySpec, staticIvSpec, new SecureRandom());
    }
}

/**
 * Positive example (rule must stay silent): the IV buffer is allocated and then
 * filled by {@code SecureRandom.nextBytes}, so it is not an array literal and
 * neither rule pattern matches.
 */
public class RandomIV {

    public RandomIV() {
        // ok: no-static-initialization-vector
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);

        // NOTE(review): the name `staticIvSpec` is misleading here — the IV bytes
        // were just drawn from SecureRandom; the spec merely wraps them.
        IvParameterSpec staticIvSpec = new IvParameterSpec(iv); // IV filled by SecureRandom.nextBytes above.

        // `c` and `skeySpec` are not declared in this snippet.
        c.init(Cipher.ENCRYPT_MODE, skeySpec, staticIvSpec, new SecureRandom());
    }
}