Review

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	Uses AES with default mode and padding which is considered a bad practice.
Fix Description:
Violation Types:	missing/condition/value_or_state
In File:	com/vouov/yapps/util/AESUtils.java
In Method:	aes(int, String, byte[])
Code with Misuse:	class AESUtils { /** * AES 加解密 * @param mode * @param password * @param textBytes * @return * @throws Exception */ public static byte[] aes(int mode, String password, byte[] textBytes) throws Exception{ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); //for windows and linux, the secure random need select a algorithm SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); secureRandom.setSeed(password.getBytes("utf-8")); keyGenerator.init(128, secureRandom); SecretKey secretKey = keyGenerator.generateKey(); byte[] encoded = secretKey.getEncoded(); SecretKeySpec secretKeySpec = new SecretKeySpec(encoded, "AES"); Cipher cipher = Cipher.getInstance("AES");// 创建密码器 cipher.init(mode, secretKeySpec);// 初始化 return cipher.doFinal(textBytes); } }