Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Calls within wrapper class with an abstract class falsely detected #227

Open
akwick opened this issue Mar 31, 2020 · 0 comments
Open

Calls within wrapper class with an abstract class falsely detected #227

akwick opened this issue Mar 31, 2020 · 0 comments
Labels
bug false positive

Comments

@akwick
Copy link
Member

akwick commented Mar 31, 2020

CogniCrypt and Ruleset used: v2.7.1
Analyzed jar file: javautils-1.0_1.zip (Misuse is within Google Guava) | or simplified version wrapperMessageDigest.jar

Observed behavior: CogniCrypt reports a TypeStateError:

Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. 
Expect a call to one of the following methods 
java.security.MessageDigest: void update(byte[],int,int),
java.security.MessageDigest: void update(java.nio.ByteBuffer),
java.security.MessageDigest: byte[] digest(byte[]),
java.security.MessageDigest: void update(byte),
java.security.MessageDigest: void update(byte[])

Expected behavior: No misuse-report as the call happens in the method putLong.

When changing the code such that the wrapper class does not use an abstract class
wrapperMessageDigest_working.zip, no misuse is reported.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug false positive
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akwick @kruegers