Author: tilman Date: Sun Nov 10 08:43:16 2019 New Revision: 1869628 URL: http://svn.apache.org/viewvc?rev=1869628&view=rev Log: PDFBOX-4071: add exception for Sonar because PDF specification requests usage of problematic encryption algorithms
Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java?rev=1869628&r1=1869627&r2=1869628&view=diff ============================================================================== --- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java (original) +++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java Sun Nov 10 08:43:16 2019 @@ -286,6 +286,7 @@ public abstract class SecurityHandler try { + @SuppressWarnings({"squid:S4432"}) // PKCS#5 padding is requested by PDF specification Cipher decryptCipher; try { @@ -337,9 +338,11 @@ public abstract class SecurityHandler return; } + @SuppressWarnings({"squid:S4432"}) // PKCS#5 padding is requested by PDF specification Cipher cipher; try { + cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKeySpec keySpec = new SecretKeySpec(encryptionKey, "AES"); IvParameterSpec ivSpec = new IvParameterSpec(iv); Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java?rev=1869628&r1=1869627&r2=1869628&view=diff ============================================================================== --- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java (original) +++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java Sun Nov 10 08:43:16 2019 @@ -316,6 +316,7 @@ public final class StandardSecurityHandl { // "Decrypt the 16-byte Perms string using AES-256 in ECB mode with an // initialization vector of zero and the file encryption key as the key." + @SuppressWarnings({"squid:S4432"}) Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encryptionKey, "AES")); byte[] perms = cipher.doFinal(encryption.getPerms());