You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Applying CryptoAnalysis on the project JobX with commit id 414503ff.
The analysis reports 38 violations (8 constraintError, 12 RequiredPredicateError, 4 ImpreciseValueExtractionError, 2 TypestateError, and 12 IncompleteOperationError). Details in the attacted report
For the RequiredPredicateError violation for method encryptByPublicKey, we assume that the report is a false positive
RequiredPredicateError violating CrySL rule for Cipher
Second parameter was not properly generatedKey
at statement: virtualinvoke r6.<javax.crypto.Cipher: void init(int,java.security.Key)>(1, r5)
The reported violation is in the file RSAUtils.java in line 238.
Notes why we assume that the violation is a false positive
REQUIRES
generatedKey[key, part(0, ""/"", transformation)]; https://docs.oracle.com/javase/7/docs/api/java/security/KeyFactory.html
""Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. "" -> converts a key provided as a string (X509 specification) into a new key. This is not covered by CrySl -> assumes insecure"
I also have this problem - strangely the error message seems to be cut off in the middle:
"Second parameter was not properly generatedKey" The public key however is read from an existing keystore and was generated by using the java keytool.
Steps done
Applying CryptoAnalysis on the project JobX with commit id 414503ff.
The analysis reports 38 violations (8 constraintError, 12 RequiredPredicateError, 4 ImpreciseValueExtractionError, 2 TypestateError, and 12 IncompleteOperationError). Details in the attacted report
For the RequiredPredicateError violation for method encryptByPublicKey, we assume that the report is a false positive
Notes why we assume that the violation is a false positive
generatedKey[key, part(0, ""/"", transformation)];
https://docs.oracle.com/javase/7/docs/api/java/security/KeyFactory.html
""Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. "" -> converts a key provided as a string (X509 specification) into a new key. This is not covered by CrySl -> assumes insecure"
/cc @anam-dodhy
The text was updated successfully, but these errors were encountered: