Describe the bug
The built-in methods (alg, mode, padding, and so on) do not work in the REQUIRES section. For example, in the Cipher rule, we have generatedkey[key, alg(transformation)], but the alg does not function and it is interpreted as generatedkey[key, transformation].
The problem is in the Domainmodel that is generated from the rule in the readRule method in the cryslParser class. The required predicates will be extracted from the Domainmodel, and in the case of a predicate in the REQUIRES section that has a built-in method, the variable of that predicate with a built-in method should have a "part" part; otherwise it is considered a variable without a built-in method.
To Reproduce
Steps to reproduce the behavior:
Take this code and analyze it; it throws an error "Second parameter was not properly generated as generated Key", which is a false positive.
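import java.security.*;
import javax.crypto.*;

// Wrapper class and return type added so the snippet compiles; the class name is arbitrary.
public class Main {
    public void main(String[] args, SecretKey key, byte[] text) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        SecureRandom secureRandom = new SecureRandom();
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // The key is produced by a KeyGenerator for "AES" with a 128-bit size.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, secureRandom);
        SecretKey secretKey = kg.generateKey();
        // The generated key is passed as the second parameter of init.
        c.init(Cipher.ENCRYPT_MODE, secretKey);
        c.doFinal(text);
    }
}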
Expected behavior
This code should not throw any errors.
Desktop (please complete the following information):
OS: Windows 10
marvinvo added a commit to marvinvo/CogniCrypt that referenced this issue Jan 22, 2022
The previous parsing code was actually a duplicate of the getPredicate() method, but it had no check for the “consPred” field, in which ‘alg(’, ‘mode(’ and ‘pad(’ are defined.
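A simplified model of the matching step described in this issue, as an added example (not CogniCrypt's code; the class, enum and method names are hypothetical). It assumes the analysis compares the algorithm the key was generated for against the value of the predicate's second parameter, and shows how dropping the built-in turns the reproducer's valid key into a mismatch.

```java
import java.util.List;
import java.util.Map;

// Simplified model of REQUIRES matching; all names here are hypothetical.
public class RequiresPartDemo {
    enum Part { NONE, ALG, MODE, PAD }

    // One predicate parameter: a variable name plus the built-in wrapped around it, if any.
    record Param(String name, Part part) {}

    // Apply the built-in to a JCA transformation string "alg/mode/padding".
    static String project(String value, Part part) {
        if (part == Part.NONE) return value;
        String[] pieces = value.split("/");
        int idx = part.ordinal() - 1;              // ALG=0, MODE=1, PAD=2
        return idx < pieces.length ? pieces[idx] : "";
    }

    // Parse "alg(transformation)" or plain "transformation".
    // keepPart=false models the reported behaviour: the built-in is dropped.
    static Param parseParam(String text, boolean keepPart) {
        for (Part p : List.of(Part.ALG, Part.MODE, Part.PAD)) {
            String prefix = p.name().toLowerCase() + "(";
            if (text.startsWith(prefix) && text.endsWith(")")) {
                String name = text.substring(prefix.length(), text.length() - 1);
                return new Param(name, keepPart ? p : Part.NONE);
            }
        }
        return new Param(text, Part.NONE);
    }

    // Does a key generated for ensuredAlg satisfy generatedkey[key, <required>]?
    static boolean satisfied(String ensuredAlg, Param required, Map<String, String> values) {
        String actual = project(values.get(required.name()), required.part());
        return ensuredAlg.equalsIgnoreCase(actual);
    }

    public static void main(String[] args) {
        // Values taken from the reproducer above.
        Map<String, String> values = Map.of("transformation", "AES/CBC/PKCS5Padding");
        String ensured = "AES";                    // KeyGenerator.getInstance("AES")
        String required = "alg(transformation)";   // second parameter in the Cipher rule
        System.out.println("built-in dropped: " + satisfied(ensured, parseParam(required, false), values));
        System.out.println("built-in kept:    " + satisfied(ensured, parseParam(required, true), values));
    }
}
```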