| Version | Insecure | CryptoMisuse | Rule name | Method | Statement | Details |
| --- | --- | --- | --- | --- | --- | --- |
| 0.0.160 | | | HttpConnection | aQute.bnd.url.BndConnection.getInputStream()Ljava/io/InputStream; | specialinvoke $r7.<java.net.URL: void <init>(java.lang.String)>($r8) | First parameter (with value "http://repo.mergere.com/maven2/, http://download.java.net/maven/2/,http://repo1.maven.org/maven2/") should be any of http://{Empty String} |
| 0.0.169 | | | HttpConnection | aQute.bnd.url.BndConnection.getInputStream()Ljava/io/InputStream; | specialinvoke $r7.<java.net.URL: void <init>(java.lang.String)>($r8) | First parameter (with value "http://repo.mergere.com/maven2/, http://download.java.net/maven/2/,http://repo1.maven.org/maven2/") should be any of http://{Empty String} |
| 0.0.384 | | | KeyStore | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | $r36 = virtualinvoke r6.<java.security.KeyStore: java.security.KeyStore$Entry getEntry(java.lang.String,java.security.KeyStore$ProtectionParameter)>($r34, $r32) | Operation on object of type java.security.KeyStore object not completed. Expected call to getKey |
| - | - | | KeyStore | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke r6.<java.security.KeyStore: void load(java.io.InputStream,char[])>(r63, $r64) | Second parameter should never be of type java.lang.String. |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r5 = specialinvoke r0.<aQute.bnd.signing.Signer: byte[] doSignatureFile(java.lang.String[],java.security.MessageDigest[],byte[])>($r25, r2, r4) | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r6 = virtualinvoke $r10.<java.security.MessageDigest: byte[] digest(byte[])>(r3) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r8 = virtualinvoke $r26.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke $r6.<java.security.MessageDigest: void update(byte[],int,int)>(r4, varReplacer1778, i0) | Unexpected call to method update on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | Signature | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r7 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer1772) | First parameter (with value "MD5withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - | | Signature | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke r7.<java.security.Signature: void initSign(java.security.PrivateKey)>(r67) | First parameter was not properly generated as generated Privkey |
| 1.50.0 | | | MessageDigest | aQute.bnd.maven.support.MavenEntry.verify(Ljava/net/URI;Ljava/lang/String;Ljava/lang/String;)Z | r8 = virtualinvoke r7.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - | | KeyStore | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | $r36 = virtualinvoke r6.<java.security.KeyStore: java.security.KeyStore$Entry getEntry(java.lang.String,java.security.KeyStore$ProtectionParameter)>($r34, $r32) | Operation on object of type java.security.KeyStore object not completed. Expected call to getKey |
| - | - | | KeyStore | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke r6.<java.security.KeyStore: void load(java.io.InputStream,char[])>(r63, $r64) | Second parameter should never be of type java.lang.String. |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r5 = specialinvoke r0.<aQute.bnd.signing.Signer: byte[] doSignatureFile(java.lang.String[],java.security.MessageDigest[],byte[])>($r25, r2, r4) | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r6 = virtualinvoke $r10.<java.security.MessageDigest: byte[] digest(byte[])>(r3) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r8 = virtualinvoke $r26.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke $r6.<java.security.MessageDigest: void update(byte[],int,int)>(r4, varReplacer3241, i0) | Third parameter (with value 0)Variable pre_lenmust be greater than pre_off |
| - | - | | MessageDigest | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke $r6.<java.security.MessageDigest: void update(byte[],int,int)>(r4, varReplacer3241, i0) | Unexpected call to method update on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | Signature | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | r7 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer3225) | First parameter (with value "MD5withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - | | Signature | aQute.bnd.signing.Signer.signJar(LaQute/lib/osgi/Jar;)V | virtualinvoke r7.<java.security.Signature: void initSign(java.security.PrivateKey)>(r67) | First parameter was not properly generated as generated Privkey |
| - | - | | MessageDigest | aQute.lib.osgi.Analyzer._md5([Ljava/lang/String;)Ljava/lang/String; | $r21 = virtualinvoke $r20.<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.Object)>(r2) | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | $r19 = virtualinvoke r46.<java.security.MessageDigest: byte[] digest()>() | Operation on object of type java.security.MessageDigest object not completed. Expected call to <java.security.MessageDigest: byte[] digest(byte[])>, <java.security.MessageDigest: byte[] digest()>, <java.security.MessageDigest: int digest(byte[],int,int)>, update |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | $r19 = virtualinvoke r46.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | virtualinvoke r43.<java.security.MessageDigest: void reset()>() | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | virtualinvoke r43.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | virtualinvoke r44.<java.security.MessageDigest: void update(byte[],int,int)>(r37, varReplacer4647, i7) | Operation on object of type java.security.MessageDigest object not completed. Expected call to <java.security.MessageDigest: void update(byte[])>, <java.security.MessageDigest: void update(byte[],int,int)>, digest, <java.security.MessageDigest: void update(java.nio.ByteBuffer)>, <java.security.MessageDigest: void update(byte)> |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | virtualinvoke r44.<java.security.MessageDigest: void update(byte[],int,int)>(r37, varReplacer4647, i7) | Third parameter (with value 0)Variable pre_lenmust be greater than pre_off |
| - | - | | MessageDigest | aQute.lib.osgi.Jar.calcChecksums([Ljava/lang/String;)V | virtualinvoke r44.<java.security.MessageDigest: void update(byte[],int,int)>(r37, varReplacer4647, i7) | Unexpected call to method update on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - | | Signature | aQute.libg.cryptography.Crypto.signer(Ljava/security/PrivateKey;LaQute/libg/cryptography/Digester;)LaQute/libg/cryptography/Signer; | specialinvoke $r10.<aQute.libg.cryptography.Signer: void <init>(java.security.Signature,aQute.libg.cryptography.Digester)>(r2, r1) | Operation on object of type java.security.Signature object not completed. Expected call to initSign, initVerify |
| - | - | | Signature | aQute.libg.cryptography.Crypto.verifier(Ljava/security/PublicKey;LaQute/libg/cryptography/Digest;)LaQute/libg/cryptography/Verifier; | specialinvoke $r10.<aQute.libg.cryptography.Verifier: void <init>(java.security.Signature,aQute.libg.cryptography.Digest)>(r2, r1) | Operation on object of type java.security.Signature object not completed. Expected call to initSign, initVerify |
| - | - | | MessageDigest | aQute.libg.cryptography.MD5.getDigester()LaQute/libg/cryptography/Digester; | $r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer5394) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - | | MessageDigest | aQute.libg.cryptography.MD5$1.digest()LaQute/libg/cryptography/MD5; | $r3 = virtualinvoke $r2.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - | | KeyPairGenerator | aQute.libg.cryptography.RSA.generate()LaQute/libg/tuple/Pair; | r1 = virtualinvoke r0.<java.security.KeyPairGenerator: java.security.KeyPair generateKeyPair()>() | Unexpected call to method generateKeyPair on object of type java.security.KeyPairGenerator. Expect a call to one of the following methods initialize |
| - | - | | MessageDigest | aQute.libg.cryptography.SHA1.getDigester()LaQute/libg/cryptography/Digester; | r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer5401) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - | | MessageDigest | aQute.libg.cryptography.SHA1$1.digest()LaQute/libg/cryptography/SHA1; | $r3 = virtualinvoke $r2.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |