Review

Detector:	DMMC
Target:	project ' secure-tcp ' version aeba19a
Misuse:	misuse ' 1 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	Uses DSA with defaults which is considered a bad practice.
Fix Description:
Violation Types:	missing/condition/value_or_state
In File:	org/network/stcp/server/SecureConnectionHandler.java
In Method:	run()
Code with Misuse:	class SecureConnectionHandler { @Override public void run() { InputStream is; OutputStream os; try { is = socket.getInputStream(); os = socket.getOutputStream(); } catch (IOException e) { throw new RuntimeException(e); } Certificate certificate = CertificateManager.getInstance().getCertificate(); Key privateKey = CertificateManager.getInstance().getPrivateKey(); byte[] certBytes; try { certBytes = certificate.getEncoded(); //send the certificate os.write(certBytes); ByteArrayOutputStream baos = new ByteArrayOutputStream(); byte[] buffer = new byte[1024]; while (is.read(buffer) != -1) { baos.write(buffer); } byte[] keyPacketEncrypted = baos.toByteArray(); Cipher privateCipher = Cipher.getInstance("DSA"); privateCipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] keyPacketDecrypted = privateCipher.doFinal(keyPacketEncrypted); SecretKey secretKey = new SecretKeySpec(keyPacketDecrypted, "DSA"); Cipher communicationCipher = Cipher.getInstance("DSA"); communicationCipher.init(Cipher.DECRYPT_MODE, secretKey); byte[] dataBuffer = new byte[1024 * 4]; while (is.read(dataBuffer) != -1) { byte[] encryptedData = communicationCipher.doFinal(dataBuffer); handler.handle(encryptedData); } } catch (CertificateEncodingException e) { throw new RuntimeException(e); } catch (IOException e) { throw new RuntimeException(e); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } catch (NoSuchPaddingException e) { throw new RuntimeException(e); } catch (InvalidKeyException e) { throw new RuntimeException(e); } catch (BadPaddingException e) { throw new RuntimeException(e); } catch (IllegalBlockSizeException e) { throw new RuntimeException(e); } } }
Code with Pattern(s):	public class AES { public void encrypt(String strDataToEncrypt) { try { KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(128); SecretKey secretKey = keyGen.generateKey(); final int AES_KEYLENGTH = 128; byte[] iv = new byte[AES_KEYLENGTH / 8]; SecureRandom prng = new SecureRandom(); prng.nextBytes(iv); Cipher aesCipherForEncryption = Cipher.getInstance("AES/CBC/PKCS7Padding"); aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv)); byte[] byteDataToEncrypt = strDataToEncrypt.getBytes(); byte[] byteCipherText = aesCipherForEncryption.doFinal(byteDataToEncrypt); } catch (NoSuchAlgorithmException noSuchAlgo) { } catch (NoSuchPaddingException noSuchPad) { } catch (InvalidKeyException invalidKey) { } catch (BadPaddingException badPadding) { } catch (IllegalBlockSizeException illegalBlockSize) { } catch (InvalidAlgorithmParameterException invalidParam) { } } public void decrypt(byte[] cipherText, SecretKey secretKey, byte[] iv){ try { Cipher aesCipherForDecryption = Cipher.getInstance("AES/CBC/PKCS7Padding"); aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)); byte[] byteDecryptedText = aesCipherForDecryption.doFinal(cipherText); String decryptedText = new String(byteDecryptedText); } catch (NoSuchAlgorithmException noSuchAlgo) { } catch (NoSuchPaddingException noSuchPad) { } catch (InvalidKeyException invalidKey) { } catch (BadPaddingException badPadding) { } catch (IllegalBlockSizeException illegalBlockSize) { } catch (InvalidAlgorithmParameterException invalidParam) { } } }