We are a German research group investigating the misuse of cryptographic APIs.
We found vulnerabilities in symmetricEncryption.java at lines {40, 54}, which can lead to an attack: because the IV is a fixed constant, encrypting the same plaintext twice under the same key yields the same ciphertext, so semantic security is broken. An observer can recognise repeated messages (and, depending on the mode, shared prefixes) without knowing the key, which leaks structure and enables pattern analysis.
This is our result:
{
  "explanation": "Direct instantiation of IvParameterSpec in encrypt with the provided IV value.",
  "cryptographicObjectType": "IvParameterSpec",
  "codeSnippet": "IvParameterSpec ivps = new IvParameterSpec(iv);",
  "vulnerabilityType": "Insecure",
  "correction": "A constant IV value ('testtesttesttest') is hardcoded. Instead, generate a fresh random IV with SecureRandom for each encryption operation (if the chosen mode requires one) and transmit or store it alongside the ciphertext. The IV does not need to be kept secret, but it must never be reused under the same key."
}
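To make the finding concrete, the following is an added example written for this report; it is not code from symmetricEncryption.java. The report does not state which cipher mode the file uses, so the example assumes AES/CBC/PKCS5Padding; the class name IvExample and the method names are also assumptions. It places the hardcoded-IV pattern next to the corrected one and shows why the fixed IV breaks semantic security.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example (assumed names): hardcoded IV versus per-message random IV.
public class IvExample {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String TRANSFORM = "AES/CBC/PKCS5Padding"; // assumed mode
    private static final int IV_LEN = 16; // AES block size

    // Vulnerable pattern, matching the finding: the IV is a fixed constant, so every
    // message encrypted under the same key starts from the same CBC state. Identical
    // plaintexts therefore produce identical ciphertexts, and plaintexts that share a
    // prefix produce ciphertexts that share a prefix. Kept only to demonstrate the issue.
    static byte[] encryptFixedIv(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = "testtesttesttest".getBytes(StandardCharsets.US_ASCII);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(plaintext);
    }

    // Corrected pattern: a fresh random IV per call, prepended to the ciphertext so the
    // decryptor can recover it. The IV is public; the only requirements are that it is
    // unpredictable and never reused under the same key.
    static byte[] encryptRandomIv(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Decrypts output of encryptRandomIv by splitting off the leading IV.
    static byte[] decryptRandomIv(SecretKey key, byte[] ivAndCt) throws Exception {
        byte[] iv = Arrays.copyOfRange(ivAndCt, 0, IV_LEN);
        byte[] ct = Arrays.copyOfRange(ivAndCt, IV_LEN, ivAndCt.length);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample input for the demonstration.
        byte[] msg = "transfer 100 EUR to account 42".getBytes(StandardCharsets.UTF_8);

        // With the fixed IV, the same message encrypted twice is byte-identical,
        // so an observer can tell that the two messages are the same.
        byte[] a = encryptFixedIv(key, msg);
        byte[] b = encryptFixedIv(key, msg);
        System.out.println("fixed IV, ciphertexts identical: " + Arrays.equals(a, b));

        // With a random IV, the two ciphertexts differ, yet each still decrypts correctly.
        byte[] c = encryptRandomIv(key, msg);
        byte[] d = encryptRandomIv(key, msg);
        System.out.println("random IV, ciphertexts identical: " + Arrays.equals(c, d));
        System.out.println("random IV, round trip ok: "
                + Arrays.equals(decryptRandomIv(key, c), msg));
    }
}
```

Running the class shows the fixed-IV pair comparing equal and the random-IV pair comparing unequal while still decrypting to the original message. Two caveats a reviewer of this fix should keep in mind: CBC without a MAC is still malleable, so an authenticated mode such as AES/GCM (with a unique 12-byte nonce and GCMParameterSpec) is the better target for new code; and in GCM or CTR a reused IV is worse than in CBC, because it reuses keystream and, for GCM, exposes the authentication key.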