Review

Detector:	MuDetect
Target:	project ' synthetic_jca ' version jsl
Misuse:	misuse ' aes-ecb-mode '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	Using "AES" in Cipher.getInstance defaults to "AES/EBC/PKCS5Padding". The mode "EBC" is unsafe, hence the default "AES" should not be used.
Fix Description:	Use "AES/CBC/PKCS5Padding" since "CBC" is safe.
Violation Types:	missing/condition/value_or_state
In File:	mubench/examples/jca/Encrypting.java
In Method:	encrypt(byte[], byte[])
Code with Misuse:	`class Encrypting { private static byte[] encrypt(byte[] key, byte[] content) throws Exception { // "AES" has an unsafe default configuration of "AES/ECB/PKCS5Padding" SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher c = Cipher.getInstance("AES"); c.init(Cipher.ENCRYPT_MODE, keySpec); return c.doFinal(content); } }`