diff --git a/data/dragonite-java/misuses/2/misuse.yml b/data/dragonite-java/misuses/2/misuse.yml index 0643ad409..436c24db0 100644 --- a/data/dragonite-java/misuses/2/misuse.yml +++ b/data/dragonite-java/misuses/2/misuse.yml @@ -2,14 +2,15 @@ api: - javax.crypto.spec.IvParameterSpec violations: - insecure/condition/randomization -description: > - While creating the object for IvParameterSpec, the first parameter was not properly randomized.. +description: | + The first parameter of the constructor of IVParameterSpec is not properly randomized. location: file: com/vecsight/dragonite/sdk/cryptor/AESCryptor.java method: "decryptImpl(byte[])" line: 76 -internal: +internal: true pattern: crash: false source: - name: + name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini + url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy diff --git a/data/ha-bridge/misuses/2/misuse.yml b/data/ha-bridge/misuses/2/misuse.yml index 687b90206..271164963 100644 --- a/data/ha-bridge/misuses/2/misuse.yml +++ b/data/ha-bridge/misuses/2/misuse.yml @@ -2,13 +2,14 @@ api: - javax.crypto.spec.PBEParameterSpec violations: - insecure/condition/iteration_count -description: > - Iteration count in while creating PBEParameterSpec object is 20 which should be greater than 1000. +description: | + The parameter iteration count for the constructor of PBEParameterSpec is 20 and should be greater than 10000. + More details are available in the following CrySL rule . location: file: com/bwssystems/HABridge/BridgeSecurity.java method: "encrypt(String)" line: 331 -internal: +internal: true pattern: crash: false source: diff --git a/data/ha-bridge/misuses/5/misuse.yml b/data/ha-bridge/misuses/5/misuse.yml index bdac8ced6..86db79a6d 100644 --- a/data/ha-bridge/misuses/5/misuse.yml +++ b/data/ha-bridge/misuses/5/misuse.yml @@ -8,7 +8,7 @@ location: file: com/bwssystems/HABridge/BridgeSecurity.java method: "decrypt(String)" line: 340 -internal: +internal: true pattern: crash: false source: diff --git a/data/ha-bridge/misuses/7/misuse.yml b/data/ha-bridge/misuses/7/misuse.yml index 11aab4908..c455434e7 100644 --- a/data/ha-bridge/misuses/7/misuse.yml +++ b/data/ha-bridge/misuses/7/misuse.yml @@ -3,7 +3,7 @@ api: violations: - insecure/condition/iteration_count description: > - Iteration count in while creating PBEParameterSpec object is 20 which should be greater than 1000. + The parameter iteration count for the constructor of PBEParameterSpec is 20 and should be greater than 10000. location: file: com/bwssystems/HABridge/BridgeSecurity.java method: "decrypt(String)" diff --git a/data/instagram4j/misuses/1/misuse.yml b/data/instagram4j/misuses/1/misuse.yml index 4bcfabb9e..22f92e789 100644 --- a/data/instagram4j/misuses/1/misuse.yml +++ b/data/instagram4j/misuses/1/misuse.yml @@ -3,12 +3,12 @@ api: violations: - insecure/condition/randomization description: > - First parameter in SecretKeySpec(byte[], String) was not properly randomized + The first parameter in SecretKeySpec is a not properly generated key. location: file: org/brunocvcunha/instagram4j/util/InstagramHashUtil.java method: "generateHash(String, String)" line: 128 -internal: +internal: true pattern: crash: false source: diff --git a/data/nettygameserver/misuses/1/misuse.yml b/data/nettygameserver/misuses/1/misuse.yml index cb9f2e4b4..085317c50 100644 --- a/data/nettygameserver/misuses/1/misuse.yml +++ b/data/nettygameserver/misuses/1/misuse.yml @@ -3,12 +3,12 @@ api: violations: - insecure/condition/iteration_count description: > - The third parameter of PBEKeySpec(passPhrase.toCharArray(), byte[], int) is the Iteration count with 17 value which should be greater than 1000 + The third parameter of PBEKeySpec(passPhrase.toCharArray(), byte[], int) is the Iteration count with 17 value which should be greater than 10000 location: file: com/snowcattle/game/common/util/DesEncrypter.java method: "DesEncrypter(String, byte[])" line: 34 -internal: +internal: true pattern: crash: false source: