stg-tud · akwick · Jun 5, 2018 · Jun 8, 2018 · Jun 11, 2018 · Jun 11, 2018
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-<img align="right" width="320" height="320" alt="MUBench Logo" src="./meta/logo.png?raw=true" />
+<img align="right" width="320" height="320" alt="MUBench Logo" src="./meta/logo.png?raw=true" />
 
 # MUBench
 

diff --git a/data/README.md b/data/README.md
@@ -249,4 +249,4 @@ Please create a [new issue](https://github.com/stg-tud/MUBench/issues/new) with
 * A short description of the misuse and its fix.
 * Instructions how to checkout and compile the project with the misuse from version control.
 * The exact location of the misuse in the project's source code (file, class, and method).
-* (Optional) A link to an issue report that uncovered the misuse.
+* (Optional) A link to an issue report that uncovered the misuse.
diff --git a/data/abixen-platform/misuses/1/misuse.yml b/data/abixen-platform/misuses/1/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.spec.IvParameterSpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing the IvParameterSpec object was not properly randomized.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 66
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/2/misuse.yml b/data/abixen-platform/misuses/2/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/key
+description: >
+  Second parameter while initializing the Cipher object was not properly generatedKey.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 66
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/3/misuse.yml b/data/abixen-platform/misuses/3/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter in Cipher.getInstance(String) is with value "AES/CBC/PKCS5PADDING" which should be any of AES/CBC/{Empty String, PKCS7Padding, PKCS5Padding, ISO10126Padding}.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 65
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/4/misuse.yml b/data/abixen-platform/misuses/4/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/IV
+description: >
+  Third parameter while initializing the Cipher object was not properly preparedIV.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "decryptPassword(String)"
+  line: 66
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/5/misuse.yml b/data/abixen-platform/misuses/5/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter in Cipher.getInstance(String) is with value "AES/CBC/PKCS5PADDING" which should be any of AES/CBC/{Empty String, PKCS7Padding, PKCS5Padding, ISO10126Padding}.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 54
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/6/misuse.yml b/data/abixen-platform/misuses/6/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.spec.IvParameterSpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing the IvParameterSpec object was not properly randomized.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 55
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/7/misuse.yml b/data/abixen-platform/misuses/7/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/key
+description: >
+  Second parameter while initializing the Cipher object was not properly generatedKey.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 55
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/8/misuse.yml b/data/abixen-platform/misuses/8/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/IV
+description: >
+  Third parameter while initializing the Cipher object was not properly preparedIV.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "encryptPassword(String)"
+  line: 55
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/misuses/9/misuse.yml b/data/abixen-platform/misuses/9/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing the SecretKeySpec object was not properly randomized.
+location:
+  file: com/abixen/platform/service/businessintelligence/multivisualisation/domain/model/util/AES128Encoder.java
+  method: "generateKey(String)"
+  line: 39
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/abixen-platform/project.yml b/data/abixen-platform/project.yml
@@ -0,0 +1,5 @@
+name: abixen-platform
+repository:
+  type: git
+  url: https://github.com/abixen/abixen-platform
+url: https://github.com/abixen/abixen-platform
diff --git a/data/abixen-platform/versions/99fe499/version.yml b/data/abixen-platform/versions/99fe499/version.yml
@@ -0,0 +1,16 @@
+build:
+ classes: abixen-platform-business-intelligence-service/target/classes
+ commands:
+ - mvn -pl :abixen-platform-web-content-service -am clean install
+ src: abixen-platform-business-intelligence-service/src/
+misuses:
+- '1'
+- '2'
+- '3'   
+- '4'
+- '5'
+- '6'
+- '7'
+- '8'
+- '9'
+revision: 99fe4994a70be92078545add013bb3bcdc089360
diff --git a/data/aliyun-oss-java-sdk/misuses/1/misuse.yml b/data/aliyun-oss-java-sdk/misuses/1/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter in MessageDigest.getInstance(String) is with value "MD5" which should be any of {SHA-256, SHA-384, SHA-512}.
+location:
+  file: com/aliyun/oss/common/utils/BinaryUtil.java
+  method: "calculateMd5(byte[])"
+  line: 43
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/aliyun-oss-java-sdk/misuses/2/misuse.yml b/data/aliyun-oss-java-sdk/misuses/2/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter while initializing SecretKeySpec object was not properly randomized.
+location:
+  file: com/aliyun/oss/common/utils/BinaryUtil.java
+  method: "sign(byte[], byte[])"
+  line: 87
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/aliyun-oss-java-sdk/project.yml b/data/aliyun-oss-java-sdk/project.yml
@@ -0,0 +1,5 @@
+name: aliyun-oss-java-sdk
+repository:
+  type: git
+  url: https://github.com/aliyun/aliyun-oss-java-sdk
+url: https://github.com/aliyun/aliyun-oss-java-sdk
diff --git a/data/aliyun-oss-java-sdk/versions/196cf71/version.yml b/data/aliyun-oss-java-sdk/versions/196cf71/version.yml
@@ -0,0 +1,9 @@
+build:
+  classes: target/classes
+  commands:
+  - mvn clean compile
+  src: /src/main/java/
+misuses:
+- '1'
+- '2'
+revision: 196cf711417df73a72e0dc2f84a8f3a03c8371c2
diff --git a/data/and-res-guard/misuses/1/misuse.yml b/data/and-res-guard/misuses/1/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
+location:
+  file: main/java/apksigner/ApkSignerTool.java
+  method: "verify(String[])"
+  line: 419
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/and-res-guard/misuses/2/misuse.yml b/data/and-res-guard/misuses/2/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
+location:
+  file: main/java/apksigner/ApkSignerTool.java
+  method: "verify(String[])"
+  line: 420
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/and-res-guard/project.yml b/data/and-res-guard/project.yml
@@ -0,0 +1,5 @@
+name: and-res-guard
+repository:
+  type: git
+  url: https://github.com/shwenzhang/AndResGuard
+url: https://github.com/shwenzhang/AndResGuard
diff --git a/data/and-res-guard/versions/f2c72f0/version.yml b/data/and-res-guard/versions/f2c72f0/version.yml
@@ -0,0 +1,9 @@
+build:
+  classes: AndResGuard/AndResGuard-core/build/classes/java/main
+  commands:
+  - gradle build
+  src: AndResGuard/AndResGuard-core/src
+misuses:
+- '1'
+- '2'
+revision: f03c69ad2860b5131c5489ca503843172a8f91e4
diff --git a/data/app-engine/misuses/1/misuse.yml b/data/app-engine/misuses/1/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
+location:
+  file: com/appengine/common/encrypt/AESEncrypter.java
+  method: "encrypt(String)"
+  line: 62
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/app-engine/misuses/2/misuse.yml b/data/app-engine/misuses/2/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.Cipher
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
+location:
+  file: com/appengine/common/encrypt/AESEncrypter.java
+  method: "decrypt(String)"
+  line: 73
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/app-engine/misuses/3/misuse.yml b/data/app-engine/misuses/3/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- javax.crypto.spec.SecretKeySpec
+violations:
+- insecure/condition/randomization
+description: >
+  First parameter was not properly randomized
+location:
+  file: com/appengine/common/encrypt/AESEncrypter.java
+  method: "loadAesKey(String)"
+  line: 98
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/app-engine/misuses/4/misuse.yml b/data/app-engine/misuses/4/misuse.yml
@@ -0,0 +1,15 @@
+api:
+- java.security.MessageDigest
+violations:
+- insecure/condition/transformation
+description: >
+  First parameter can have values either MD5 or SHA1 but they should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
+location:
+  file: com/appengine/common/encrypt/Digests.java
+  method: "digest(InputStream, String)"
+  line: 95
+internal:
+pattern:
+crash: false
+source:
+  name:
diff --git a/data/app-engine/project.yml b/data/app-engine/project.yml
@@ -0,0 +1,5 @@
+name: app-engine
+repository:
+  type: git
+  url: https://github.com/sofn/app-engine
+url: https://github.com/sofn/app-engine
diff --git a/data/app-engine/versions/db6d288/version.yml b/data/app-engine/versions/db6d288/version.yml
@@ -0,0 +1,11 @@
+build:
+  classes: app-engine/common/build/classes/java/main
+  commands:
+  - gradle compileJava
+  src: app-engine/common/src/main/java
+misuses:
+- '1'
+- '2'
+- '3'
+- '4'
+revision: db6d288c182cbda5b4d535be5c95f196c4e5aa9b