Review

Detector:	GrouMiner
Target:	project ' jmrtd ' version 51
Misuse:	misuse ' 1 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	DataOutputStream is left open.
Fix Description:	Add a call to DataOutputStream.close() (see diff)
Violation Types:	missing/call
In File:	sos/mrtd/SecureMessagingWrapper.java
In Method:	readDO8E(DataInputStream, byte[])
Code with Misuse:	`class SecureMessagingWrapper {` `/*` ` The <code>0x8E</code> tag has already been read.` `` ` @param in inputstream to read from.` `*/` `private void readDO8E(DataInputStream in, byte[] rapdu) throws IOException, GeneralSecurityException {` `int length = in.readUnsignedByte();` `if (length != 8) {` `throw new IllegalStateException("DO'8E wrong length");` `}` `byte[] cc1 = new byte[8];` `in.readFully(cc1);` `mac.init(ksMac);` `ByteArrayOutputStream out = new ByteArrayOutputStream();` `DataOutputStream dataOut = new DataOutputStream(out);` `ssc++;` `dataOut.writeLong(ssc);` `byte[] paddedData = Util.pad(rapdu, 0, rapdu.length - 2 - 8 - 2);` `dataOut.write(paddedData, 0, paddedData.length);` `dataOut.flush();` `byte[] cc2 = mac.doFinal(out.toByteArray());` `if (!Arrays.equals(cc1, cc2)) {` `throw new IllegalStateException("Incorrect MAC!");` `}` `}` `}`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Missing Edges	Missing Nodes	Overlap	Pattern	Rareness
?	4	ByteArrayOutputStream#write -> ByteArrayOutputStream#toByteArray	ByteArrayOutputStream#write			0.1