Back to library list

itext__itext

Column Insecure: Icon yes indicates the version is insecure, otherwise no
Column CryptoMisuse: Icon yes indicates the version has cryptographic API misuse, otherwise no
Version Insecure CryptoMisuse Rule name Method Statement Details
0.99 no       yes MessageDigest com.lowagie.text.pdf.PdfEncryption.<init>()V $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1720) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1764) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
1.1.4 no       yes MessageDigest com.lowagie.text.pdf.PdfEncryption.<init>()V $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6237) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6262) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V $r19 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r18) First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V $r21 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r20, r5) First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V $r66 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r65) First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V $r75 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r74, r2) First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512}
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V $r15 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String,java.lang.String)>(varReplacer7209, r3) First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA}
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V $r19 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer7208) First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.update([BII)V virtualinvoke $r3.<java.security.MessageDigest: void update(byte[],int,int)>(r1, i0, i1) Third parameter (with value 0)Variable pre_lenmust be greater than pre_off
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.update([BII)V virtualinvoke $r5.<java.security.Signature: void update(byte[],int,int)>(r1, i0, i1) Unexpected call to method update on object of type java.security.Signature. Expect a call to one of the following methods initSign,initVerify
- - yes MessageDigest com.lowagie.text.pdf.PdfSignatureAppearance.preClose(Ljava/util/HashMap;)V virtualinvoke $r103.<com.lowagie.text.pdf.PdfSigGenericPKCS: void setSignInfo(java.security.PrivateKey,java.security.cert.Certificate[],java.security.cert.CRL[])>($r104, $r105, $r106) Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update
1.3 no       yes MessageDigest com.lowagie.text.pdf.PdfEncryption.<init>()V $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6214) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6239) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V $r18 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r17) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V $r20 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r19, r5) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V $r59 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r58) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V $r68 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r67, r2) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V $r15 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String,java.lang.String)>(varReplacer7193, r3) First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA}
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V $r19 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer7191) First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.update([BII)V virtualinvoke $r3.<java.security.MessageDigest: void update(byte[],int,int)>(r1, i0, i1) Third parameter (with value 0)Variable pre_lenmust be greater than pre_off
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.update([BII)V virtualinvoke $r5.<java.security.Signature: void update(byte[],int,int)>(r1, i0, i1) Unexpected call to method update on object of type java.security.Signature. Expect a call to one of the following methods initSign,initVerify
- - yes MessageDigest com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;)V $r18 = virtualinvoke $r17.<com.lowagie.text.pdf.PdfPKCS7: byte[] getEncodedPKCS7()>() Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update
- - yes MessageDigest com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;)V specialinvoke $r4.<com.lowagie.text.pdf.PdfPKCS7: void <init>(java.security.PrivateKey,java.security.cert.Certificate[],java.security.cert.CRL[],java.lang.String,java.lang.String,boolean)>(r1, r2, r3, $r6, $r7, $z0) Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update
1.3.1 no       yes MessageDigest com.lowagie.text.pdf.PdfEncryption.<init>()V $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6515) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6538) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V $r19 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r18) First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V $r21 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r20, r5) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V $r66 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r65) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V $r75 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r74, r2) First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V $r15 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String,java.lang.String)>(varReplacer7525, r3) First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA}
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V $r19 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer7522) First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA}
- - yes MessageDigest com.lowagie.text.pdf.PdfPKCS7.update([BII)V virtualinvoke $r3.<java.security.MessageDigest: void update(byte[],int,int)>(r1, i0, i1) Third parameter (with value 1)Variable pre_lenmust be greater than pre_off
- - yes Signature com.lowagie.text.pdf.PdfPKCS7.update([BII)V virtualinvoke $r5.<java.security.Signature: void update(byte[],int,int)>(r1, i0, i1) Unexpected call to method update on object of type java.security.Signature. Expect a call to one of the following methods initSign,initVerify
- - yes MessageDigest com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;)V $r20 = virtualinvoke $r19.<com.lowagie.text.pdf.PdfPKCS7: java.security.cert.X509Certificate getSigningCertificate()>() Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update