TestCode:

```java
 1 package WeakEncryption.InadequateRSAPadding;
 2
 3 import javax.crypto.Cipher;
 4
 5 public class CWE780_WeakEncryption_InadequateRSAPadding_01 {
 6     public void bad() throws Exception {
 7         /* POTENTIAL FLAW: Not OAEP */
 8         Cipher.getInstance("RSA");
 9     }
10
11     public void good() throws Exception {
12         Cipher.getInstance("RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
13     }
14 }
```
findings.json:

```json
[{
  "problem": false,
  "locations": [{
    "region": {
      "endLine": 7,
      "endColumn": 32,
      "startColumn": 27,
      "startLine": 7
    },
    "artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"}
  }],
  "logMsg": "Rule ID_2_01 verified",
  "onfailIdentifier": "Invalid_TR21021_Cipher"
}, {
  "problem": false,
  "locations": [{
    "region": {
      "endLine": 11,
      "endColumn": 66,
      "startColumn": 27,
      "startLine": 11
    },
    "artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"}
  }],
  "logMsg": "Rule ID_2_01 verified",
  "onfailIdentifier": "Invalid_TR21021_Cipher"
}, {
  "problem": true,
  "locations": [],
  "logMsg": "Rule BouncyCastleProvider_Cipher violated",
  "onfailIdentifier": "InvalidProvider_Cipher"
}, {
  "problem": true,
  "locations": [{
    "region": {
      "endLine": 11,
      "endColumn": 66,
      "startColumn": 27,
      "startLine": 11
    },
    "artifactLocation": {"uri": "file:/xxx/InadequateRSAPadding/CWE780_WeakEncryption_InadequateRSAPadding_01.java"}
  }],
  "logMsg": "Rule ID_3_5_01 violated",
  "onfailIdentifier": "InvalidRSAPadding"
}, {
  "problem": true,
  "locations": [],
  "logMsg": "Rule ID_3_5_01 violated",
  "onfailIdentifier": "InvalidRSAPadding"
}]
```
```java
Cipher.getInstance("RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
```
I think it is a correct scenario, but a defect [InvalidRSAPadding] is also reported [Line Number 11]. The MARK rule files show that the algorithm name is case sensitive. Can it be case-insensitive?