Refactor scan rule implementation

changelog.md

@@ -7,14 +7,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ### Added
 - [Introduce support for PBKDF2 password hashing and verification](https://github.com/ballerina-platform/ballerina-lang/issues/43926)
+- [Add static analysis rule - Encryption algorithms should be used with secure mode and padding scheme](https://github.com/ballerina-platform/ballerina-library/issues/7940)
+- [Add static analysis rule - Passwords should not be stored in plaintext or with a fast hashing algorithm](https://github.com/ballerina-platform/ballerina-library/issues/7950)
+- [Add static analysis rule - Counter Mode initialization vectors should not be reused](https://github.com/ballerina-platform/ballerina-library/issues/8010)
 
-### Changed
-- [Update OIDS of NIST approved post quantum algorithms](https://github.com/ballerina-platform/ballerina-library/issues/7678)
-- [Optimize hardcoded IV detection using semantic model reference counting](https://github.com/ballerina-platform/ballerina-library/issues/8257)
+## [2.9.1] - 2025-09-29
 
 ### Fixed
 - [Implement optional close method check for BStream](https://github.com/ballerina-platform/ballerina-library/issues/8288)
 
+## [2.9.0] - 2025-03-12
+
+### Changed
+- [Update OIDS of NIST approved post quantum algorithms](https://github.com/ballerina-platform/ballerina-library/issues/7678)
+
+
 ## [2.8.0] - 2025-02-11
 
 ### Added

compiler-plugin-tests/src/test/java/io/ballerina/stdlib/crypto/compiler/staticcodeanalyzer/StaticCodeAnalyzerTest.java

@@ -49,7 +49,6 @@
 import static io.ballerina.scan.RuleKind.VULNERABILITY;
 import static io.ballerina.stdlib.crypto.compiler.staticcodeanalyzer.CryptoRule.AVOID_FAST_HASH_ALGORITHMS;
 import static io.ballerina.stdlib.crypto.compiler.staticcodeanalyzer.CryptoRule.AVOID_REUSING_COUNTER_MODE_VECTORS;
-import static io.ballerina.stdlib.crypto.compiler.staticcodeanalyzer.CryptoRule.AVOID_USING_UNSECURE_RANDOM_NUMBER_GENERATORS;
 import static io.ballerina.stdlib.crypto.compiler.staticcodeanalyzer.CryptoRule.AVOID_WEAK_CIPHER_ALGORITHMS;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
@@ -118,28 +117,19 @@ private void validateRules(List<Rule> rules) {
                 "ballerina/crypto:3",
                 AVOID_REUSING_COUNTER_MODE_VECTORS.getDescription(),
                 VULNERABILITY);
-        Assertions.assertRule(
-                rules,
-                "ballerina/crypto:4",
-                AVOID_USING_UNSECURE_RANDOM_NUMBER_GENERATORS.getDescription(),
-                VULNERABILITY);
     }
 
     private void validateIssues(CryptoRule rule, List<Issue> issues) {
         switch (rule) {
             case AVOID_WEAK_CIPHER_ALGORITHMS:
-                Assert.assertEquals(issues.size(), 6);
+                Assert.assertEquals(issues.size(), 4);
                 Assertions.assertIssue(issues, 0, "ballerina/crypto:1", "aes_cbc.bal",
                         30, 30, Source.BUILT_IN);
-                Assertions.assertIssue(issues, 1, "ballerina/crypto:4", "aes_cbc.bal",
+                Assertions.assertIssue(issues, 1, "ballerina/crypto:1", "aes_cbc_as_import.bal",
                         30, 30, Source.BUILT_IN);
-                Assertions.assertIssue(issues, 2, "ballerina/crypto:1", "aes_cbc_as_import.bal",
-                        30, 30, Source.BUILT_IN);
-                Assertions.assertIssue(issues, 3, "ballerina/crypto:4", "aes_cbc_as_import.bal",
-                        30, 30, Source.BUILT_IN);
-                Assertions.assertIssue(issues, 4, "ballerina/crypto:1", "aes_ecb.bal",
+                Assertions.assertIssue(issues, 2, "ballerina/crypto:1", "aes_ecb.bal",
                         26, 26, Source.BUILT_IN);
-                Assertions.assertIssue(issues, 5, "ballerina/crypto:1", "aes_ecb_as_import.bal",
+                Assertions.assertIssue(issues, 3, "ballerina/crypto:1", "aes_ecb_as_import.bal",
                         26, 26, Source.BUILT_IN);
                 break;
             case AVOID_FAST_HASH_ALGORITHMS:
@@ -196,11 +186,6 @@ private void validateIssues(CryptoRule rule, List<Issue> issues) {
                 Assertions.assertIssue(issues, 5, "ballerina/crypto:3", "mod_var_pos_arg.bal",
                         23, 23, Source.BUILT_IN);
                 break;
-            case AVOID_USING_UNSECURE_RANDOM_NUMBER_GENERATORS:
-                Assert.assertEquals(issues.size(), 1);
-                Assertions.assertIssue(issues, 0, "ballerina/crypto:4", "main.bal",
-                        27, 27, Source.BUILT_IN);
-                break;
             default:
                 Assert.fail("Unhandled rule in validateIssues: " + rule);
                 break;