== How to fix it in pyca

=== Code examples

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
from cryptography.hazmat.primitives.ciphers import (
    Cipher,
    algorithms,
    modes,
)

iv     = "doNotTryThis@Home2023"
cipher = Cipher(algorithms.AES(key), modes.CBC(iv))

cipher.encryptor()  # Noncompliant
----

==== Compliant solution

:explicit_strong: os.urandom

include::../../common/fix/explicit-fix.adoc[]

[source,python,diff-id=1,diff-type=compliant]
----
from os import urandom

from cryptography.hazmat.primitives.ciphers import (
    Cipher,
    algorithms,
    modes,
)

iv     = urandom(16)
cipher = Cipher(algorithms.AES(key), modes.CBC(iv))

cipher.encryptor()
----

=== How does this work?

include::../../common/fix/fix.adoc[]