Implement random salt generation for credential encryption and add Qodana configuration

ozkanpakdil · ozkanpakdil · commit 03decb085fa9 · 2025-06-03T16:52:55.000+01:00
diff --git a/qodana.yaml b/qodana.yaml
@@ -0,0 +1,31 @@
+#-------------------------------------------------------------------------------#
+#               Qodana analysis is configured by qodana.yaml file               #
+#             https://www.jetbrains.com/help/qodana/qodana-yaml.html            #
+#-------------------------------------------------------------------------------#
+version: "1.0"
+
+#Specify inspection profile for code analysis
+profile:
+  name: qodana.starter
+
+#Enable inspections
+#include:
+#  - name: <SomeEnabledInspectionId>
+
+#Disable inspections
+#exclude:
+#  - name: <SomeDisabledInspectionId>
+#    paths:
+#      - <path/where/not/run/inspection>
+
+projectJDK: "24" #(Applied in CI/CD pipeline)
+
+#Execute shell command before Qodana execution (Applied in CI/CD pipeline)
+#bootstrap: sh ./prepare-qodana.sh
+
+#Install IDE plugins before Qodana execution (Applied in CI/CD pipeline)
+#plugins:
+#  - id: <plugin.id> #(plugin id can be found at https://plugins.jetbrains.com)
+
+#Specify Qodana linter for analysis (Applied in CI/CD pipeline)
+linter: jetbrains/qodana-jvm:2025.1
diff --git a/src/main/java/io/github/ozkanpakdil/swaggerific/security/CredentialEncryption.java b/src/main/java/io/github/ozkanpakdil/swaggerific/security/CredentialEncryption.java
@@ -15,7 +15,6 @@
 public class CredentialEncryption {
     private static final String ALGORITHM = "AES/GCM/NoPadding";
     private static final String KEY_ALGORITHM = "AES";
-    private static final byte[] SALT = "SwaggerificSalt".getBytes(StandardCharsets.UTF_8);
     private static final int GCM_IV_LENGTH = 12;
     private static final int GCM_TAG_LENGTH = 128;
     private static final SecretKey secretKey;
@@ -27,6 +26,8 @@ public class CredentialEncryption {
                                   System.getProperty("user.home");
 
             SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+            byte[] SALT;
+            new SecureRandom().nextBytes(SALT = new byte[16]); // Generate a random salt
             KeySpec spec = new PBEKeySpec(systemSpecific.toCharArray(), SALT, 65536, 256);
             SecretKey tmp = factory.generateSecret(spec);
             secretKey = new SecretKeySpec(tmp.getEncoded(), KEY_ALGORITHM);
