
Add test case from #208 #663

Merged
merged 2 commits into from
Jul 5, 2024
Expand Up @@ -20,6 +20,9 @@ public void reportedIssues() {
HeadlessCryptoScanner scanner = createScanner(mavenProject);

setErrorsCount("<issueseeds.Main: void main(java.lang.String[])>", RequiredPredicateError.class, 1);

setErrorsCount("<issue208.Issue208WithSingleEntryPoint: void encryptImpl()>", RequiredPredicateError.class, 0);
setErrorsCount("<issue208.Issue208WithMultipleEntryPoints: void encryptImpl()>", RequiredPredicateError.class, 1);

setErrorsCount("<issue81.Encryption: byte[] encrypt(byte[],javax.crypto.SecretKey)>", ConstraintError.class, 1);
setErrorsCount("<issue81.Encryption: byte[] encrypt(byte[],javax.crypto.SecretKey)>", RequiredPredicateError.class, 1);
Expand All @@ -43,6 +46,9 @@ public void reportedIssues() {
setErrorsCount("<issue70.ClientProtocolDecoder: byte[] decryptAES(byte[])>", ConstraintError.class, 1);
setErrorsCount("<issue70.ClientProtocolDecoder: byte[] decryptAES(byte[])>", RequiredPredicateError.class, 3);

setErrorsCount("<issue69.Issue69: void encryptByPublicKey(java.lang.String)>", IncompleteOperationError.class, 1);
setErrorsCount("<issue69.Issue69: void encryptByPublicKey(java.lang.String)>", RequiredPredicateError.class, 4);

// TODO toCharArray() is not currently not considered when evaluating NeverTypeOfErrors
setErrorsCount("<issue68.AESCryptor: byte[] getKey(java.lang.String)>", NeverTypeOfError.class, 0);
setErrorsCount("<issue68.AESCryptor: byte[] getKey(java.lang.String)>", RequiredPredicateError.class, 3);
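Review bot: The two new issue208 expectations differ (0 RequiredPredicateErrors for `Issue208WithSingleEntryPoint`, 1 for `Issue208WithMultipleEntryPoints`), and nothing at the assertions says whether the 1 is the behaviour reported in #208 or a finding the scanner is meant to produce. Judging by the fixtures, the error appears because `encryptImpl()` is analysed without the `SecureRandom` field initialiser when the class has no `main`. If that is right, a comment above the second line such as `// #208: no main(), so the SecureRandom field init is not seen and 'randomized' is not ensured on iv` would stop a later reader from treating it as a true positive. The issue69 counts in the second hunk (1 IncompleteOperationError, 4 RequiredPredicateErrors) are unexplained in the same way. `reportedIssues()` begins and ends outside both hunks.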
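--- a/CryptoAnalysisTargets/ReportedIssues/pom.xml
+++ b/CryptoAnalysisTargets/ReportedIssues/pom.xml
@@ -15,4 +15,12 @@
 </plugin>
 </plugins>
 </build>
+
+<dependencies>
+<dependency>
+<groupId>commons-codec</groupId>
+<artifactId>commons-codec</artifactId>
+<version>1.10</version>
+</dependency>
+</dependencies>
 </project>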
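Review bot: The new `commons-codec` dependency is pinned to `1.10`, an old release, with no comment saying why, so a dependency scanner or a later maintainer cannot tell a deliberate pin from neglect. The only use visible in this PR is `new Base64().decode(...)` in `issue69.Issue69`. If reproducing that report does not depend on this exact version, a current release would serve; otherwise a comment above the `<dependency>` element such as `<!-- used only by issue69.Issue69 (Base64 decoding of the key); version kept as in the report -->` would record the intent.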
@@ -0,0 +1,19 @@
package issue208;

import javax.crypto.spec.IvParameterSpec;
import java.security.SecureRandom;

public class Issue208WithMultipleEntryPoints {

private final SecureRandom secureRandom = new SecureRandom();

private static final int IV_LENGTH = 32;

private void encryptImpl() {
byte[] iv = new byte[IV_LENGTH];
secureRandom.nextBytes(iv);

// iv has to ensure 'randomized'
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
}
}
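Review bot: `IV_LENGTH = 32` is not a length this IV could be used with in the common case: AES in CBC mode, for example, needs a 16-byte IV and `Cipher.init` rejects anything else, so anyone copying the fixture gets a value that fails at runtime. As far as the visible expectations show, the analysis only cares that `iv` is filled by `secureRandom.nextBytes`, so `private static final int IV_LENGTH = 16;` should leave the test result unchanged; the same constant appears in `Issue208WithSingleEntryPoint`. The comment `// iv has to ensure 'randomized'` could also say why the predicate is missing in this class: there is no `main`, so `encryptImpl()` is presumably analysed on its own, without the field initialiser.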
@@ -0,0 +1,25 @@
package issue208;

import javax.crypto.spec.IvParameterSpec;
import java.security.SecureRandom;

public class Issue208WithSingleEntryPoint {

private final SecureRandom secureRandom = new SecureRandom();

private static final int IV_LENGTH = 32;

private void encryptImpl() {
byte[] iv = new byte[IV_LENGTH];
secureRandom.nextBytes(iv);

IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
}

public static void main(String[] args) {
// Method 'main' is the single entry point -> Instantiate SecureRandom seed and
// use it in 'encryptImpl'
Issue208WithSingleEntryPoint issue208 = new Issue208WithSingleEntryPoint();
issue208.encryptImpl();
}
}
@@ -0,0 +1,25 @@
package issue69;

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import java.security.Key;
import java.security.KeyFactory;
import java.security.spec.X509EncodedKeySpec;

public class Issue69 {

private static final String KEY_ALGORITHM = "RSA";

public void encryptByPublicKey(String publicKey) throws Exception {
byte[] keyBytes = new Base64().decode(publicKey.getBytes());
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key publicK = keyFactory.generatePublic(x509KeySpec);

Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());

// RequiredPredicateError because no predicate is ensured on 'keyBytes'
cipher.init(Cipher.ENCRYPT_MODE, publicK);
}
}
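Review bot: The comment above `cipher.init` explains one RequiredPredicateError, but the expectation added in this PR for `encryptByPublicKey` is four RequiredPredicateErrors plus one IncompleteOperationError, so most of the expected findings are undocumented in the fixture. A comment on the method listing each expected finding and the statement it belongs to would help. Presumably the IncompleteOperationError is the `Cipher` that is initialised but never used, and `Cipher.getInstance(keyFactory.getAlgorithm())` resolves to a bare `"RSA"` transformation with provider-default padding. Separately, `publicKey.getBytes()` depends on the platform default charset; `publicKey.getBytes(StandardCharsets.US_ASCII)` is deterministic, provided the change does not alter what the fixture is meant to reproduce.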