You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Actual Result:
IncompleteOperationError on method testFail() with message: Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update
This error only happens if you use the substring() method. It does not matter on which string object you invoke the method or which parameters are in the substring method. The IncompleteOperationError finding get reported anyway.
It get's even more interesting if you perform the analysis on semantically identical code in Java (below).
In this application CryptoAnalysis does not report any findings (as expected).
Consider the following application:
Expected Result: No findings by CryptoAnalysis.
Actual Result:
IncompleteOperationError on method
testFail()
with message:Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update
This error only happens if you use the
substring()
method. It does not matter on which string object you invoke the method or which parameters are in the substring method. The IncompleteOperationError finding get reported anyway.It get's even more interesting if you perform the analysis on semantically identical code in Java (below).
In this application CryptoAnalysis does not report any findings (as expected).
Questions here:
Crypto Analysis Version: 2.7.1 - 2.7.3-SNAPSHOT
JVM: Tested on 1.8 and 11
The text was updated successfully, but these errors were encountered: