IV falsely detected as not properly generated (reopen #68) #208

Open
knewbury01 opened this issue Nov 28, 2019 · 0 comments

Reopening of issue 68

It is unclear to me which versions of CogniCrypt this issue is expected to be fixed in.
I have been looking at this dataset and from my findings, this is still an issue.

I am able to reproduce the error from the following configuration(s):

Setup:

  • get the (built) project in question: git clone https://github.com/anam-dodhy/dragonite-java.git

  • using the following few versions of CogniCrypt (note these versions are released after the close date of the original issue):

    • a fairly recent buildable version of CogniCrypt, using the rules from the 2.3 release
    • the corresponding buildable version of CogniCrypt from approx. the 2.3 release, using the rules from the 2.3 release
  • Attempted an analysis of both the entire project using this classpath: dragonite-java/dragonite-sdk/build/classes/java/main as well as just a copy of the isolated AESCryptor.class

  • Both result in the following in the report:

in Method: byte[] encryptImpl(byte[])
        RequiredPredicateError violating CrySL rule for javax.crypto.spec.IvParameterSpec
            First parameter was not properly generated as randomized
            at statement: specialinvoke $r6.<javax.crypto.spec.IvParameterSpec: void <init>(byte[])>(r16)

Not clear why this issue arises, if it has reappeared, or if the version that it seemed to be fixed in is different than my current work environment in some way.

Please let me know if you need any other details to reproduce;
more details can be found in #68.
