Add 201 parametric crypto (JCA) misuses

data/abixen-platform/misuses/1/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.spec.IvParameterSpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing the IvParameterSpec object was not properly randomized.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 66
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/2/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/key
+description: >
+  Second parameter while initializing the Cipher object was not properly generatedKey.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 66
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/3/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter in Cipher.getInstance(String) is with value "AES/CBC/PKCS5PADDING" which should be any of AES/CBC/{Empty String, PKCS7Padding, PKCS5Padding, ISO10126Padding}.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 65
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/4/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/IV
+description: >
+  Third parameter while initializing the Cipher object was not properly preparedIV.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 66
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/5/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter in Cipher.getInstance(String) is with value "AES/CBC/PKCS5PADDING" which should be any of AES/CBC/{Empty String, PKCS7Padding, PKCS5Padding, ISO10126Padding}.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 54
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/6/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.spec.IvParameterSpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing the IvParameterSpec object was not properly randomized.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 55
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/7/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/key
+description: >
+  Second parameter while initializing the Cipher object was not properly generatedKey.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 55
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/8/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/IV
+description: >
+  Third parameter while initializing the Cipher object was not properly preparedIV.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 55
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/misuses/9/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing the SecretKeySpec object was not properly randomized.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "generateKey(String)"
+  line: 39
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/abixen-platform/project.yml

@@ -0,0 +1,5 @@
+name: abixen-platform
+repository:
+  type: git
+  url: https://github.com/abixen/abixen-platform
+url: https://github.com/abixen/abixen-platform

data/abixen-platform/versions/99fe499/version.yml

@@ -0,0 +1,16 @@
+build:
+ classes: abixen-platform-business-intelligence-service/$mvn.default.classes
+ commands:
+ - mvn -pl :abixen-platform-web-content-service -am clean install
+ src: abixen-platform-business-intelligence-service/src/
+misuses:
+- '1'
+- '2'
+- '3'   
+- '4'
+- '5'
+- '6'
+- '7'
+- '8'
+- '9'
+revision: 99fe4994a70be92078545add013bb3bcdc089360

data/aliyun-oss-java-sdk/misuses/1/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter in MessageDigest.getInstance(String) is with value "MD5" which should be any of {SHA-256, SHA-384, SHA-512}.
+location:
+  file: com/aliyun/oss/common/utils/BinaryUtil.java
+  method: "calculateMd5(byte[])"
+  line: 43
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/aliyun-oss-java-sdk/misuses/2/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing SecretKeySpec object was not properly randomized.
+location:
+  file: com/aliyun/oss/common/utils/BinaryUtil.java
+  method: "sign(byte[], byte[])"
+  line: 87
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/aliyun-oss-java-sdk/project.yml

@@ -0,0 +1,5 @@
+name: aliyun-oss-java-sdk
+repository:
+  type: git
+  url: https://github.com/aliyun/aliyun-oss-java-sdk
+url: https://github.com/aliyun/aliyun-oss-java-sdk

data/aliyun-oss-java-sdk/versions/196cf71/version.yml

@@ -0,0 +1,9 @@
+build:
+  classes: $mvn.default.classes
+  commands:
+  - mvn clean compile
+  src: /src/main/java/
+misuses:
+- '1'
+- '2'
+revision: 196cf711417df73a72e0dc2f84a8f3a03c8371c2

data/and-res-guard/misuses/1/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
+location:
+  file: main/java/apksigner/ApkSignerTool.java
+  method: "verify(String[])"
+  line: 419
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/and-res-guard/misuses/2/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
+location:
+  file: main/java/apksigner/ApkSignerTool.java
+  method: "verify(String[])"
+  line: 420
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/and-res-guard/project.yml

@@ -0,0 +1,5 @@
+name: and-res-guard
+repository:
+  type: git
+  url: https://github.com/shwenzhang/AndResGuard
+url: https://github.com/shwenzhang/AndResGuard

data/and-res-guard/versions/f2c72f0/version.yml

@@ -0,0 +1,9 @@
+build:
+  classes: AndResGuard/AndResGuard-core/$gradle.default.classes
+  commands:
+  - gradle build
+  src: AndResGuard/AndResGuard-core/src
+misuses:
+- '1'
+- '2'
+revision: f03c69ad2860b5131c5489ca503843172a8f91e4

data/app-engine/misuses/1/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
+location:
+  file: com/appengine/common/encrypt/AESEncrypter.java
+  method: "encrypt(String)"
+  line: 62
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/app-engine/misuses/2/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
+location:
+  file: com/appengine/common/encrypt/AESEncrypter.java
+  method: "decrypt(String)"
+  line: 73
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/app-engine/misuses/3/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter was not properly randomized
+location:
+  file: com/appengine/common/encrypt/AESEncrypter.java
+  method: "loadAesKey(String)"
+  line: 98
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/app-engine/misuses/4/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter can have values either MD5 or SHA1 but they should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
+location:
+  file: com/appengine/common/encrypt/Digests.java
+  method: "digest(InputStream, String)"
+  line: 95
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/app-engine/project.yml

@@ -0,0 +1,5 @@
+name: app-engine
+repository:
+  type: git
+  url: https://github.com/sofn/app-engine
+url: https://github.com/sofn/app-engine

data/app-engine/versions/db6d288/version.yml

@@ -0,0 +1,11 @@
+build:
+  classes: app-engine/common/$gradle.default.classes
+  commands:
+  - gradle compileJava
+  src: app-engine/common/src/main/java
+misuses:
+- '1'
+- '2'
+- '3'
+- '4'
+revision: db6d288c182cbda5b4d535be5c95f196c4e5aa9b

data/aws-sdk-java-v2/misuses/1/misuse.yml

@@ -0,0 +1,16 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while creating SecretKeySpec object i.e. new SecretKeySpec(byte[],SigningAlgorithm) was not properly randomized
+location:
+  file: software/amazon/awssdk/auth/signer/internal/AbstractAwsSigner.java
+  method: "sign(byte[], byte[], SigningAlgorithm)"
+  line: 146
+internal: false
+pattern:
+crash: false
+source: 
+  name: MSR 2019 Data Showcase A Dataset of Parametric Cryptographic Misuses by Wickert, Reif, Eichberg, Dodhy, and Mezini
+  url: https://github.com/akwick/MUBench/tree/thesis-2018-anam-dodhy

data/aws-sdk-java-v2/project.yml

@@ -0,0 +1,5 @@
+name: aws-sdk-java-v2
+repository:
+  type: git
+  url: https://github.com/aws/aws-sdk-java-v2
+url: https://github.com/aws/aws-sdk-java-v2

data/aws-sdk-java-v2/versions/ffb8095/version.yml

@@ -0,0 +1,8 @@
+build:
+  classes: core/auth/$mvn.default.classes
+  commands:
+  - mvn -pl :aws-core -am clean compile
+  src: core/auth/src/main/java/
+misuses:
+- '1'
+revision: ffb8095cab661a1f5318cb217eddde250626e44f