Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve error messages for KeyGenerator and Cipher #183

Open
ericbodden opened this issue May 18, 2018 · 5 comments
Open

Improve error messages for KeyGenerator and Cipher #183

ericbodden opened this issue May 18, 2018 · 5 comments
Assignees
@johspaeth
Labels
enhancement SAST

Comments

@ericbodden
Copy link

I am not sure whether this is a problem with the rule set or tool:

When I specify...

	KeyGenerator kg = KeyGenerator.getInstance("RSA");
	Cipher c = Cipher.getInstance("AES/CBC");
	c.init(Cipher.ENCRYPT_MODE, key, iv);

... then at the KeyGenerator, CogniCrypt tells me to use any of AES, BlowFish, DESede, ... when it should really only be AES, as the Cipher is clearly using AES. It was my understanding that our rules should be able to encode this.

Cheers
Eric
@johspaeth
Copy link
Contributor

It is just not implemented within the tool yet.

@ericbodden
Copy link
Author

Would be really nice to have. (and is confusing if we don't have it)

@johspaeth
Copy link
Contributor

Yes, I agree. I discussed it with Stefan:
Actually, there should be an error marker at the init call saying "No predicate generatedKey received for key". If we make the error marker text more explicit to include for "AES" it would be more helpful.

@kruegers
Copy link
Member

@johspaeth If I remember correctly, you said, you fixed this issue. Is that right?

@johspaeth
Copy link
Contributor

No, I didn't and it is related to this one. I don't know when I will have time to fix it.

@kruegers kruegers removed their assignment Jul 26, 2018
@kruegers kruegers added the SAST label Oct 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johspaeth johspaeth

Labels
enhancement SAST
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@johspaeth @ericbodden @kruegers