Review

Detector:	MuDetectXP
Target:	project ' synthetic_jca ' version jsl
Misuse:	misuse ' static-key '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	The key used is defined statically in the code.
Fix Description:	Generate a non-predictable key.
Violation Types:	missing/condition/value_or_state
In File:	mubench/examples/jca/Encrypting.java
In Method:	encryptWithKey(byte[])
Code with Misuse:	`class Encrypting { public static byte[] encryptWithKey(byte[] content) throws Exception { // using a constant key is unsafe SecretKeySpec keySpec = new SecretKeySpec("RAS".getBytes("UTF-8"), "AES/CBC/PKCS5Padding"); Cipher c = Cipher.getInstance("AES"); c.init(Cipher.ENCRYPT_MODE, keySpec); return c.doFinal(content); } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping
?	1	0.3	(pattern support = 7 / 7)(pattern violations = 1 / 2)(overlap = 12.00 / 20.00)	_examples/ltguide/AppEngine-MineBackup/latest/checkout/src/ltguide/minebackup/MineBackup.java#sign(String, String, String, String) _examples/slok/mdissphoto/latest/checkout/mdiss-api/src/main/java/org/mdissjava/api/helpers/ApiHelper.java#calculateHMAC(String, String, String, String, String) _examples/Semantria/semantria-sdk/latest/checkout/Java/src/main/java/com/semantria/utils/AuthRequest.java#signRequest(String, String) _examples/michael-andre/Wapplix/latest/checkout/src/main/java/com/wapplix/data/OAuth10Signer.java#getSignature(String, String) _examples/tcz001/SNSCrawlerOSGiFramework/latest/checkout/ScribeOAuthAPIBundle/src/main/java/org/scribe/services/HMACSha1SignatureService.java#doSign(String, String)	7
?	3	0.22727272727272727	(pattern support = 5 / 7)(pattern violations = 1 / 3)(overlap = 21.00 / 22.00)	_examples/Commortel/ProjetCryptographie/latest/checkout/ProjetCryptographie/src/tools/CryptoTools.java#decrypt3DES(byte[], String) _examples/taonico/NicoLivePlayer/latest/checkout/NicoLivePlayer/src/jp/tao/nico/live/NicoCrypt.java#encrypt(String, String) _examples/Sankore/Editeur_Sankore---LENUOS-/latest/checkout/sources/lenuos/editor/src/com/paraschool/editor/server/URLPublicationNotifier.java#encrypt(String) _examples/freewind/webtend/latest/checkout/webtend/webtend/utils/Crypto.java#decryptAES(String, String) _examples/luiskcs89/thesiskunagi/latest/checkout/ilarkesto/src/main/java/ilarkesto/base/Crypt.java#decrypt(byte[], byte[])	5