Review

Detector:	MuDetectXP
Target:	project ' chensun ' version cf23b99
Misuse:	misuse ' 2 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	Uses a non-random key in CBC mode.
Fix Description:
Violation Types:	missing/condition/value_or_state
In File:	server/generateChecksumPostsAndReplies.java
In Method:	main(String[])
Code with Misuse:	class generateChecksumPostsAndReplies { /** * @param args / public static void main(String[] args) throws Exception{ /make decoder*/ DESKeySpec keySpec = new DESKeySpec(CryptoUtil.decode("92LlYoVU1hU=")); SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); SecretKey key = factory.generateSecret(keySpec); byte[] iv = CryptoUtil.decode(decAndCheck.substring(0, 12)); Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); IvParameterSpec ivSpec = new IvParameterSpec(iv); c.init(Cipher.DECRYPT_MODE, key, ivSpec); byte[] content = c.doFinal(CryptoUtil.decode(decAndCheck.substring(12))); System.out.println(new String(content, "UTF8")); byte[] checksum = Hash.generateChecksum(content); System.out.println("\"" + CryptoUtil.encode(checksum) + "\""); } }

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping
No	0	0.6666666666666667	(pattern support = 5 / 6)(pattern violations = 1 / 1)(overlap = 12.00 / 15.00)	_examples/xiedantibu/chinimei/latest/checkout/src/com/xlm/meishichina/util/CyptoUtils.java#encode(String, String) _examples/CloudSide/VdiskSDK-Android/latest/checkout/VDiskSdk/src/com/vdisk/utils/DesEncrypt.java#getEncCode(byte[]) _examples/xiedantibu/chinimei/latest/checkout/src/com/xlm/meishichina/util/CyptoUtils.java#decode(String, String) _examples/headsupdev/license/latest/checkout/src/main/java/org/headsupdev/license/LicenseEncoder.java#encode(byte[]) _examples/CloudSide/VdiskSDK-Android/latest/checkout/VDiskSdk/src/com/vdisk/utils/DesEncrypt.java#getDesCode(byte[])	5

Reviewer Name:	sven
Comment: