We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TestCode: 1 package WeakEncryption.InadequateRSAPadding; 2 3 import javax.crypto.Cipher; 4 5 public class CWE780_WeakEncryption_InadequateRSAPadding_01 { 6 public void bad() throws Exception { 7 /* POTENTIAL FLAW: Not OAEP */ 8 Cipher.getInstance("RSA"); 9 } 10 11 public void good() throws Exception { 12 Cipher.getInstance("RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 13 } 14 }
findings.json: [{ "problem": false, "locations": [{ "region": { "endLine": 7, "endColumn": 32, "startColumn": 27, "startLine": 7 }, "artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"} }], "logMsg": "Rule ID_2_01 verified", "onfailIdentifier": "Invalid_TR21021_Cipher" },{ "problem": false, "locations": [{ "region": { "endLine": 11, "endColumn": 66, "startColumn": 27, "startLine": 11 }, "artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"} }], "logMsg": "Rule ID_2_01 verified", "onfailIdentifier": "Invalid_TR21021_Cipher" },{ "problem": true, "locations": [], "logMsg": "Rule BouncyCastleProvider_Cipher violated", "onfailIdentifier": "InvalidProvider_Cipher" },{ "problem": true, "locations": [{ "region": { "endLine": 11, "endColumn": 66, "startColumn": 27, "startLine": 11 }, "artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"} }], "logMsg": "Rule ID_3_5_01 violated", "onfailIdentifier": "InvalidRSAPadding" },{ "problem": true, "locations": [], "logMsg": "Rule ID_3_5_01 violated", "onfailIdentifier": "InvalidRSAPadding" }]
For the first finding, the startLine and endLine is number 7, but it is inconsistent with the actual code line number 8.
Is it a bug?
The text was updated successfully, but these errors were encountered:
No branches or pull requests
TestCode:
1 package WeakEncryption.InadequateRSAPadding;
2
3 import javax.crypto.Cipher;
4
5 public class CWE780_WeakEncryption_InadequateRSAPadding_01 {
6 public void bad() throws Exception {
7 /* POTENTIAL FLAW: Not OAEP */
8 Cipher.getInstance("RSA");
9 }
10
11 public void good() throws Exception {
12 Cipher.getInstance("RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
13 }
14 }
findings.json:
[{
"problem": false,
"locations": [{
"region": {
"endLine": 7,
"endColumn": 32,
"startColumn": 27,
"startLine": 7
},
"artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"}
}],
"logMsg": "Rule ID_2_01 verified",
"onfailIdentifier": "Invalid_TR21021_Cipher"
},{
"problem": false,
"locations": [{
"region": {
"endLine": 11,
"endColumn": 66,
"startColumn": 27,
"startLine": 11
},
"artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"}
}],
"logMsg": "Rule ID_2_01 verified",
"onfailIdentifier": "Invalid_TR21021_Cipher"
},{
"problem": true,
"locations": [],
"logMsg": "Rule BouncyCastleProvider_Cipher violated",
"onfailIdentifier": "InvalidProvider_Cipher"
},{
"problem": true,
"locations": [{
"region": {
"endLine": 11,
"endColumn": 66,
"startColumn": 27,
"startLine": 11
},
"artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"}
}],
"logMsg": "Rule ID_3_5_01 violated",
"onfailIdentifier": "InvalidRSAPadding"
},{
"problem": true,
"locations": [],
"logMsg": "Rule ID_3_5_01 violated",
"onfailIdentifier": "InvalidRSAPadding"
}]
For the first finding, the startLine and endLine is number 7, but it is inconsistent with the actual code line number 8.
Is it a bug?
The text was updated successfully, but these errors were encountered: