@zhuma4/cli 4.0.0-alpha.1

package/rules/common/cwe-295-ssl-bypass.yaml

@@ -0,0 +1,217 @@
+# CWE-295: SSL/TLS 证书验证绕过
+# 逐码 ZhuMa V4.0 Alpha — 通用规则库
+#
+# 禁用或绕过 SSL/TLS 证书验证使应用完全暴露于中间人攻击（MITM）。
+# 攻击者可拦截并篡改所有传输的数据——包括凭证、会话令牌和加密密钥。
+# 任何时候都不应在生产代码中绕过证书验证。
+
+rules:
+
+# ZM-JAVA-SSLVERIFY-001: 全信任 TrustManager（空校验）
+- id: zm-java-sslverify-001
+  severity: CRITICAL
+  message: |
+    检测到 X509TrustManager 实现但 checkServerTrusted / checkClientTrusted 方法体为空。
+    这相当于完全信任任何证书，攻击者可通过 MITM 攻击拦截所有 TLS 流量。
+    移除此自定义 TrustManager，使用系统默认证书链验证。
+
+    修复示例：
+      // 删除自定义空 TrustManager
+      // 使用默认 TrustManagerFactory:
+      TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+          TrustManagerFactory.getDefaultAlgorithm());
+      tmf.init((KeyStore) null);
+      SSLContext ctx = SSLContext.getInstance("TLS");
+      ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
+
+    参考：
+    - CWE-295: https://cwe.mitre.org/data/definitions/295.html
+    - Android Security: Network Security Configuration: https://developer.android.com/training/articles/security-config
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        new X509TrustManager() {
+          ...
+          public void checkServerTrusted(...) {}
+          ...
+          public void checkClientTrusted(...) {}
+          ...
+        }
+    - pattern: |
+        new X509TrustManager() {
+          ...
+          public void checkClientTrusted(...) {}
+          ...
+          public void checkServerTrusted(...) {}
+          ...
+        }
+    - pattern: |
+        new X509TrustManager() {
+          ...
+          public void checkServerTrusted(...) { }
+          ...
+        }
+    - pattern: |
+        new X509TrustManager() {
+          ...
+          public void checkClientTrusted(...) { }
+          ...
+        }
+    - pattern: |
+        class $CLASS implements X509TrustManager {
+          ...
+          public void checkServerTrusted(...) { }
+          ...
+        }
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries: ["common"]
+    tags:
+      - crypto
+      - tls
+      - ssl
+      - certificate-validation
+      - mitm
+    references:
+      - https://cwe.mitre.org/data/definitions/295.html
+      - https://developer.android.com/training/articles/security-config
+
+# ZM-JAVA-SSLVERIFY-002: HostnameVerifier 全部接受
+- id: zm-java-sslverify-002
+  severity: HIGH
+  message: |
+    检测到 HostnameVerifier 实现始终返回 true，或使用 ALLOW_ALL_HOSTNAME_VERIFIER。
+    这会绕过主机名验证，使得 MITM 攻击者可以通过任意证书伪装成合法服务器。
+    生产代码不得使用此类验证器；仅在测试环境中临时使用。
+
+    修复示例：
+      // 删除自定义 HostnameVerifier
+      // 使用默认 hostname 验证即可：
+      HttpsURLConnection.setDefaultHostnameVerifier(
+          HttpsURLConnection.getDefaultHostnameVerifier());
+
+    参考：
+    - CWE-295: https://cwe.mitre.org/data/definitions/295.html
+    - Android HostnameVerifier: https://developer.android.com/reference/javax/net/ssl/HostnameVerifier
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        new HostnameVerifier() {
+          ...
+          public boolean verify(...) {
+            ...
+            return true;
+          }
+          ...
+        }
+    - pattern: |
+        public boolean verify(...) {
+          ...
+          return true;
+          ...
+        }
+    - pattern: |
+        SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
+    - pattern: |
+        $CONN.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries: ["common"]
+    tags:
+      - crypto
+      - tls
+      - ssl
+      - hostname-verification
+      - mitm
+    references:
+      - https://cwe.mitre.org/data/definitions/295.html
+      - https://developer.android.com/reference/javax/net/ssl/HostnameVerifier
+
+# ZM-JAVA-SSLVERIFY-003: allowAllHostnames() 调用
+- id: zm-java-sslverify-003
+  severity: HIGH
+  message: |
+    检测到 Apache HttpClient 的 allowAllHostnames() 调用，绕过主机名验证。
+    这使得 MITM 攻击者可使用任意证书伪装为合法服务器。
+    删除此调用以使用默认主机名验证。
+
+    修复示例：
+      // 删除 .allowAllHostnames() 调用
+      // HttpClient 4.3+ 默认执行严格主机名验证
+
+    参考：
+    - CWE-295: https://cwe.mitre.org/data/definitions/295.html
+    - Apache HttpClient SSL Guide: https://hc.apache.org/httpcomponents-client-4.5.x/ssl-tls.html
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        $BUILDER.allowAllHostnames()
+    - pattern: |
+        $B.allowAllHostnames()
+    - pattern: |
+        $HTTP.allowAllHostnames()
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: high
+    industries: ["common"]
+    tags:
+      - crypto
+      - tls
+      - ssl
+      - apache-httpclient
+      - hostname-verification
+    references:
+      - https://cwe.mitre.org/data/definitions/295.html
+      - https://hc.apache.org/httpcomponents-client-4.5.x/ssl-tls.html
+
+# ZM-JAVA-SSLVERIFY-004: SSLContext.init 空 TrustManager
+- id: zm-java-sslverify-004
+  severity: CRITICAL
+  message: |
+    检测到 SSLContext.init() 传入包含空 TrustManager 的数组。
+    空 TrustManager 意味着不验证服务器证书链，完全暴露于 MITM 攻击。
+    使用 TrustManagerFactory 从系统信任库加载默认 TrustManager。
+
+    修复示例：
+      TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+          TrustManagerFactory.getDefaultAlgorithm());
+      tmf.init((KeyStore) null);
+      SSLContext ctx = SSLContext.getInstance("TLS");
+      ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
+
+    参考：
+    - CWE-295: https://cwe.mitre.org/data/definitions/295.html
+    - OWASP TLS Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        SSLContext.getInstance("$TLS").init($KM, new TrustManager[]{$NULL_TM}, $RANDOM)
+    - pattern: |
+        $CTX.init($KM, new TrustManager[]{$NULL_TM}, $RANDOM)
+    - pattern: |
+        $CTX.init($KM, new TrustManager[] {$NULL_TM}, $RANDOM)
+    - pattern: |
+        $CTX.init($KM, new TrustManager[]{new X509TrustManager(), ...}, $RANDOM)
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries: ["common"]
+    tags:
+      - crypto
+      - tls
+      - ssl
+      - trust-manager
+      - mitm
+    references:
+      - https://cwe.mitre.org/data/definitions/295.html
+      - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html

package/rules/common/cwe-295-ssl-verification-disabled.yaml

@@ -0,0 +1,64 @@
+# CWE-295: SSL 证书验证禁用检测规则
+# 逐码 ZhuMa V4.0 Alpha — 通用规则库
+
+rules:
+
+# ZM-JAVA-SSL-001: 信任所有证书 TrustManager
+- id: zm-java-ssl-001
+  severity: HIGH
+  message: |
+    检测到 X509TrustManager 实现中信任所有证书 (checkClientTrusted/checkServerTrusted 为空)。
+    这将导致 SSL/TLS 中间人攻击 (MITM)。
+    必须正确验证证书链和主机名。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        new X509TrustManager() {
+          ...
+          public void checkClientTrusted(...) {}
+          public void checkServerTrusted(...) {}
+          ...
+        };
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+
+# ZM-JAVA-SSL-002: HostnameVerifier 返回 true
+- id: zm-java-ssl-002
+  severity: HIGH
+  message: |
+    检测到 HostnameVerifier 总是返回 true，绕过主机名验证。
+    应使用默认的浏览器兼容主机名验证器。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        new HostnameVerifier() {
+          ...
+          public boolean verify(...) {
+            return true;
+          }
+          ...
+        };
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+
+# ZM-JAVA-SSL-003: SSLContext 使用 ALLOW_ALL_HOSTNAME_VERIFIER
+- id: zm-java-ssl-003
+  severity: HIGH
+  message: |
+    检测到使用 ALLOW_ALL_HOSTNAME_VERIFIER 禁用主机名验证。
+    中间人攻击者可伪造证书劫持加密通信。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
+  metadata:
+    cwe: "CWE-295: Improper Certificate Validation"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high

package/rules/common/cwe-306-missing-authentication.yaml

@@ -0,0 +1,44 @@
+# CWE-306: 关键功能缺少身份验证检测规则 (Sprint 2)
+# 已知限制: Semgrep Java parser 不支持 pattern-not-inside 配合注解 (Parse_error)
+# 无法自动排除已有 @PreAuthorize/@Secured 的方法
+# FPR 28.6% 为已知可接受水平，人工审查可快速过滤
+
+rules:
+
+# ZM-JAVA-MA-001: @RestController + @GetMapping/@PostMapping 无 @PreAuthorize
+- id: zm-java-ma-001
+  severity: MEDIUM
+  message: |
+    @GetMapping/@PostMapping 方法缺少认证注解。应检查是否已添加 @PreAuthorize/@Secured。
+    如已有安全注解且本规则误报，人工忽略。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        @GetMapping(...)
+        public $RET $METHOD(...) {
+          ...
+        }
+    - pattern: |
+        @PostMapping(...)
+        public $RET $METHOD(...) {
+          ...
+        }
+  metadata:
+    cwe: "CWE-306: Missing Authentication for Critical Function"
+    owasp: "A01:2021 - Broken Access Control"
+    precision: low
+
+# ZM-JAVA-MA-002: Spring Security 配置无认证要求
+- id: zm-java-ma-002
+  severity: MEDIUM
+  message: |
+    Spring Security permitAll() 允许未认证访问，需审查是否所有敏感端点都要求认证。
+  languages:
+    - java
+  pattern-either:
+    - pattern: $HTTP.authorizeRequests().anyRequest().permitAll()
+  metadata:
+    cwe: "CWE-306: Missing Authentication for Critical Function"
+    owasp: "A01:2021 - Broken Access Control"
+    precision: low

package/rules/common/cwe-326-weak-key-size.yaml

@@ -0,0 +1,107 @@
+# CWE-326: Inadequate Encryption Strength
+# ZhuMa V4.0 Alpha -- Common Rules
+
+rules:
+
+# ZM-JAVA-WEAKKEY-001: AES key size < 128 bits
+- id: zm-java-weakkey-001
+  severity: CRITICAL
+  message: |
+    AES key size below 128 bits detected. NIST SP 800-57 Part 1 requires >= 128-bit
+    security strength. Standard AES key lengths are 128, 192, or 256 bits.
+    Production environments should use AES-256.
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        $KG.init(64)
+    - pattern: |
+        $KG.init(96)
+    - pattern: |
+        $KG.init(8)
+    - pattern: |
+        $KG.init(16)
+    - pattern: |
+        $KG.init(32)
+    - pattern: |
+        $KG.init(40)
+    - pattern: |
+        $KG.init(48)
+    - pattern: |
+        $KG.init(56)
+    - pattern: |
+        $KG.init(80)
+    - pattern: |
+        $KG.init(112)
+    - pattern: |
+        $KG.init(127)
+  metadata:
+    cwe: "CWE-326: Inadequate Encryption Strength"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries:
+      - common
+    references:
+      - "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf"
+      - "https://cwe.mitre.org/data/definitions/326.html"
+
+# ZM-JAVA-WEAKKEY-002: RSA key size < 2048 bits
+- id: zm-java-weakkey-002
+  severity: CRITICAL
+  message: |
+    RSA key size below 2048 bits detected. NIST SP 800-131A Rev.2 requires RSA >= 2048.
+    RSA-512/768/1024 have been demonstrated factorable.
+    Use 2048, 3072, or 4096 bits.
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        $KPG.initialize(512)
+    - pattern: |
+        $KPG.initialize(768)
+    - pattern: |
+        $KPG.initialize(1024)
+    - pattern: |
+        $KPG.initialize(1536)
+    - pattern: |
+        $KPG.initialize(2047)
+  metadata:
+    cwe: "CWE-326: Inadequate Encryption Strength"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries:
+      - common
+    references:
+      - "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
+      - "https://cwe.mitre.org/data/definitions/326.html"
+
+# ZM-JAVA-WEAKKEY-003: EC key size < 256 bits
+- id: zm-java-weakkey-003
+  severity: HIGH
+  message: |
+    EC key size below 256 bits detected. NIST SP 800-57 recommends >= 256-bit curves.
+    secp192r1/secp224r1 provide < 128-bit equivalent security.
+    Use secp256r1 (P-256), secp384r1 (P-384), secp521r1 (P-521), or Curve25519.
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        $KPG.initialize(192)
+    - pattern: |
+        $KPG.initialize(224)
+    - pattern: |
+        $KPG.initialize(128)
+    - pattern: |
+        $KPG.initialize(160)
+    - pattern: |
+        $KPG.initialize(255)
+  metadata:
+    cwe: "CWE-326: Inadequate Encryption Strength"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: high
+    industries:
+      - common
+    references:
+      - "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf"
+      - "https://safecurves.cr.yp.to/"
+      - "https://cwe.mitre.org/data/definitions/326.html"

package/rules/common/cwe-327-weak-crypto.yaml

@@ -0,0 +1,177 @@
+# CWE-327: 使用破解或危险的加密算法
+# 逐码 ZhuMa V4.0 Alpha — 通用规则库
+
+rules:
+
+# ZM-JAVA-WEAKCRYPTO-001: DES/3DES 加密
+- id: zm-java-weakcrypto-001
+  severity: CRITICAL
+  message: |
+    使用了 DES/3DES 加密算法，该算法已被破解且密钥长度不足。
+    DES 使用 56 位有效密钥，可在数小时内暴力破解；3DES 仅提供 112 位等效安全性。
+    应迁移至 AES-256-GCM 或 ChaCha20-Poly1305。
+    参考: NIST SP 800-131A Rev.2 已废止 DES/3DES。
+  languages:
+    - java
+  pattern-either:
+    - pattern: Cipher.getInstance("DES")
+    - pattern: Cipher.getInstance("DESede")
+    - pattern: Cipher.getInstance("3DES")
+    - pattern: KeyGenerator.getInstance("DES")
+    - pattern: Cipher.getInstance("DES/CBC/PKCS5Padding")
+    - pattern: Cipher.getInstance("DES/CBC/NoPadding")
+    - pattern: Cipher.getInstance("DES/ECB/PKCS5Padding")
+    - pattern: Cipher.getInstance("DES/ECB/NoPadding")
+    - pattern: Cipher.getInstance("DESede/CBC/PKCS5Padding")
+    - pattern: Cipher.getInstance("DESede/ECB/PKCS5Padding")
+  metadata:
+    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries:
+      - common
+    references:
+      - "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
+      - "https://cwe.mitre.org/data/definitions/327.html"
+
+# ZM-JAVA-WEAKCRYPTO-002: RC2/RC4/Blowfish 弱算法
+- id: zm-java-weakcrypto-002
+  severity: CRITICAL
+  message: |
+    使用了 RC2/RC4/Blowfish 弱加密算法。
+    RC4 存在严重密码学缺陷（偏向性密钥流），RC2 为 64 位分组密码已被淘汰，
+    Blowfish 使用 64 位分组大小易受 Sweet32 生日攻击。
+    应迁移至 AES-256-GCM 或 ChaCha20-Poly1305。
+  languages:
+    - java
+  pattern-either:
+    - pattern: Cipher.getInstance("RC2")
+    - pattern: Cipher.getInstance("RC4")
+    - pattern: Cipher.getInstance("Blowfish")
+    - pattern: Cipher.getInstance("RC2/CBC/PKCS5Padding")
+    - pattern: Cipher.getInstance("Blowfish/CBC/PKCS5Padding")
+    - pattern: KeyGenerator.getInstance("RC2")
+    - pattern: KeyGenerator.getInstance("Blowfish")
+  metadata:
+    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: very-high
+    industries:
+      - common
+    references:
+      - "https://sweet32.info/"
+      - "https://cwe.mitre.org/data/definitions/327.html"
+
+# ZM-JAVA-WEAKCRYPTO-003: 无认证加密模式 ECB
+- id: zm-java-weakcrypto-003
+  severity: HIGH
+  message: |
+    使用了 ECB 模式进行对称加密，该模式不提供数据认证且无法隐藏数据模式。
+    相同的明文块会产生相同的密文块，可遭受块重放攻击和模式分析攻击。
+    应使用 GCM（Galois/Counter Mode）或 CTR+CBC 配合 HMAC 提供认证加密。
+  languages:
+    - java
+  pattern-either:
+    - pattern: Cipher.getInstance("AES/ECB/NoPadding")
+    - pattern: Cipher.getInstance("AES/ECB/PKCS5Padding")
+    - pattern: Cipher.getInstance("AES/ECB/ISO10126Padding")
+    - pattern: Cipher.getInstance("DES/ECB/NoPadding")
+    - pattern: Cipher.getInstance("DES/ECB/PKCS5Padding")
+    - pattern: Cipher.getInstance("DESede/ECB/NoPadding")
+    - pattern: Cipher.getInstance("DESede/ECB/PKCS5Padding")
+    - pattern: Cipher.getInstance("Blowfish/ECB/NoPadding")
+    - pattern: Cipher.getInstance("Blowfish/ECB/PKCS5Padding")
+    - pattern: Cipher.getInstance("RC2/ECB/PKCS5Padding")
+    - pattern: Cipher.getInstance("RSA/ECB/NoPadding")
+    - pattern: Cipher.getInstance("RSA/ECB/PKCS1Padding")
+  metadata:
+    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: high
+    industries:
+      - common
+    references:
+      - "https://csrc.nist.gov/pubs/sp/800/38/d/final"
+      - "https://cwe.mitre.org/data/definitions/327.html"
+
+# ZM-JAVA-WEAKCRYPTO-004: RSA 不安全配置
+- id: zm-java-weakcrypto-004
+  severity: HIGH
+  message: |
+    使用了不安全的 RSA 配置：密钥长度不足 2048 位或使用 PKCS1Padding 填充模式。
+    RSA-1024 在 2024 年已被认为可破解，PKCS1Padding 易受 Bleichenbacher 选择密文攻击。
+    应使用 RSA-2048（最低要求）或 RSA-4096，搭配 OAEPWithSHA-256AndMGF1Padding。
+    NIST SP 800-131A Rev.2 要求 RSA 密钥 ≥ 2048 位。
+  languages:
+    - java
+  pattern-either:
+    - pattern: Cipher.getInstance("RSA")
+    - pattern: Cipher.getInstance("RSA/ECB/PKCS1Padding")
+    - pattern: Cipher.getInstance("RSA/ECB/NoPadding")
+    - pattern: Cipher.getInstance("RSA/NONE/PKCS1Padding")
+    - pattern: Cipher.getInstance("RSA/NONE/NoPadding")
+  metadata:
+    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: high
+    industries:
+      - common
+    references:
+      - "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
+      - "https://cwe.mitre.org/data/definitions/327.html"
+
+# ZM-JAVA-WEAKCRYPTO-005: JWT Algorithm=none
+- id: zm-java-weakcrypto-005
+  severity: CRITICAL
+  message: |
+    JWT 使用 algorithm="none" 或在未校验算法前设置签名密钥，可能导致 JWT 算法混淆攻击。
+    攻击者可将 algorithm 修改为 "none" 绕过签名验证，或使用公钥算法混淆为 HMAC 实现伪造签名。
+    必须在解析 JWT 前显式限制 algorithm，使用 .requireAlgorithm() 或 .verifyWith() 明确指定算法。
+    参考: CVE-2015-9235, CVE-2016-5431（alg=none 攻击）。
+  languages:
+    - java
+  pattern-either:
+    - pattern: |
+        Jwts.parser().setSigningKey(...)
+    - pattern: |
+        Jwts.parserBuilder().setSigningKey(...)
+    - pattern: Jwts.parser().parseClaimsJwt(...)
+  metadata:
+    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: high
+    industries:
+      - common
+    references:
+      - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9235"
+      - "https://cwe.mitre.org/data/definitions/327.html"
+      - "https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/"
+
+# ZM-JAVA-WEAKCRYPTO-006: 固定 IV / 硬编码 IV
+- id: zm-java-weakcrypto-006
+  severity: HIGH
+  message: |
+    使用了硬编码或静态初始化向量（IV），严重削弱 CBC/GCM 等模式的安全性。
+    对于 CBC 模式，固定 IV 使加密确定性化，可遭受块重放攻击和选择明文攻击（如 BEAST）。
+    对于 GCM 模式，IV 重用会完全破坏认证加密的安全性，泄露明文 XOR 结果。
+    必须为每次加密使用 CSPRNG 生成随机 IV（如 SecureRandom），并将 IV 随密文一起存储。
+  languages:
+    - java
+  patterns:
+    - pattern: |
+        new IvParameterSpec($BYTES)
+    - pattern: |
+        new GCMParameterSpec(..., $BYTES)
+    - pattern: |
+        new IvParameterSpec("...".getBytes())
+    - pattern: |
+        new IvParameterSpec(new byte[]{...})
+  metadata:
+    cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+    owasp: "A02:2021 - Cryptographic Failures"
+    precision: high
+    industries:
+      - common
+    references:
+      - "https://csrc.nist.gov/glossary/term/initialization_vector"
+      - "https://cwe.mitre.org/data/definitions/327.html"