Review

Detector:	MuDetectXP
Target:	project ' synthetic_jca ' version jsl
Misuse:	misuse ' aes-ecb-mode '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	Using "AES" in Cipher.getInstance defaults to "AES/EBC/PKCS5Padding". The mode "EBC" is unsafe, hence the default "AES" should not be used.
Fix Description:	Use "AES/CBC/PKCS5Padding" since "CBC" is safe.
Violation Types:	missing/condition/value_or_state
In File:	mubench/examples/jca/Encrypting.java
In Method:	encrypt(byte[], byte[])
Code with Misuse:	`class Encrypting { private static byte[] encrypt(byte[] key, byte[] content) throws Exception { // "AES" has an unsafe default configuration of "AES/ECB/PKCS5Padding" SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher c = Cipher.getInstance("AES"); c.init(Cipher.ENCRYPT_MODE, keySpec); return c.doFinal(content); } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping
?	2	0.22727272727272727	(pattern support = 5 / 7)(pattern violations = 1 / 3)(overlap = 21.00 / 22.00)	_examples/Commortel/ProjetCryptographie/latest/checkout/ProjetCryptographie/src/tools/CryptoTools.java#decrypt3DES(byte[], String) _examples/taonico/NicoLivePlayer/latest/checkout/NicoLivePlayer/src/jp/tao/nico/live/NicoCrypt.java#encrypt(String, String) _examples/Sankore/Editeur_Sankore---LENUOS-/latest/checkout/sources/lenuos/editor/src/com/paraschool/editor/server/URLPublicationNotifier.java#encrypt(String) _examples/freewind/webtend/latest/checkout/webtend/webtend/utils/Crypto.java#decryptAES(String, String) _examples/luiskcs89/thesiskunagi/latest/checkout/ilarkesto/src/main/java/ilarkesto/base/Crypt.java#decrypt(byte[], byte[])	5