Back to library list
itext__itext
Column Insecure: Icon 
indicates the version is insecure, otherwise 
Column CryptoMisuse: Icon indicates the version has cryptographic API misuse, otherwise
indicates the version is insecure, otherwise
Column CryptoMisuse: Icon
indicates the version has cryptographic API misuse, otherwise
| Version | Insecure | CryptoMisuse | Rule name | Method | Statement | Details |
|---|---|---|---|---|---|---|
| 0.99 |
|
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.<init>()V | $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1720) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B | r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1764) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| 1.1.4 |
|
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.<init>()V | $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6237) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B | r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6262) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V | $r19 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r18) | First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V | $r21 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r20, r5) | First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V | $r66 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r65) | First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V | $r75 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r74, r2) | First parameter (with value "MD2") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V | $r15 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String,java.lang.String)>(varReplacer7209, r3) | First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V | $r19 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer7208) | First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.update([BII)V | virtualinvoke $r3.<java.security.MessageDigest: void update(byte[],int,int)>(r1, i0, i1) | Third parameter (with value 0)Variable pre_lenmust be greater than pre_off |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.update([BII)V | virtualinvoke $r5.<java.security.Signature: void update(byte[],int,int)>(r1, i0, i1) | Unexpected call to method update on object of type java.security.Signature. Expect a call to one of the following methods initSign,initVerify |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfSignatureAppearance.preClose(Ljava/util/HashMap;)V | virtualinvoke $r103.<com.lowagie.text.pdf.PdfSigGenericPKCS: void setSignInfo(java.security.PrivateKey,java.security.cert.Certificate[],java.security.cert.CRL[])>($r104, $r105, $r106) | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| 1.3 |
|
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.<init>()V | $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6214) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B | r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6239) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V | $r18 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r17) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V | $r20 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r19, r5) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V | $r59 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r58) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V | $r68 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r67, r2) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V | $r15 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String,java.lang.String)>(varReplacer7193, r3) | First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V | $r19 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer7191) | First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.update([BII)V | virtualinvoke $r3.<java.security.MessageDigest: void update(byte[],int,int)>(r1, i0, i1) | Third parameter (with value 0)Variable pre_lenmust be greater than pre_off |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.update([BII)V | virtualinvoke $r5.<java.security.Signature: void update(byte[],int,int)>(r1, i0, i1) | Unexpected call to method update on object of type java.security.Signature. Expect a call to one of the following methods initSign,initVerify |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;)V | $r18 = virtualinvoke $r17.<com.lowagie.text.pdf.PdfPKCS7: byte[] getEncodedPKCS7()>() | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;)V | specialinvoke $r4.<com.lowagie.text.pdf.PdfPKCS7: void <init>(java.security.PrivateKey,java.security.cert.Certificate[],java.security.cert.CRL[],java.lang.String,java.lang.String,boolean)>(r1, r2, r3, $r6, $r7, $z0) | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| 1.3.1 |
|
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.<init>()V | $r6 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6515) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfEncryption.createDocumentId()[B | r0 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer6538) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V | $r19 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r18) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;Ljava/lang/String;Ljava/lang/String;Z)V | $r21 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r20, r5) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V | $r66 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>($r65) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.<init>([BLjava/lang/String;)V | $r75 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String,java.lang.String)>($r74, r2) | First parameter (with value "SHA1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V | $r15 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String,java.lang.String)>(varReplacer7525, r3) | First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.<init>([B[BLjava/lang/String;)V | $r19 = staticinvoke <java.security.Signature: java.security.Signature getInstance(java.lang.String)>(varReplacer7522) | First parameter (with value "SHA1withRSA") should be any of {NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA256withRSA, SHA256withECDSA} |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfPKCS7.update([BII)V | virtualinvoke $r3.<java.security.MessageDigest: void update(byte[],int,int)>(r1, i0, i1) | Third parameter (with value 1)Variable pre_lenmust be greater than pre_off |
| - | - |
|
Signature | com.lowagie.text.pdf.PdfPKCS7.update([BII)V | virtualinvoke $r5.<java.security.Signature: void update(byte[],int,int)>(r1, i0, i1) | Unexpected call to method update on object of type java.security.Signature. Expect a call to one of the following methods initSign,initVerify |
| - | - |
|
MessageDigest | com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(Ljava/security/PrivateKey;[Ljava/security/cert/Certificate;[Ljava/security/cert/CRL;)V | $r20 = virtualinvoke $r19.<com.lowagie.text.pdf.PdfPKCS7: java.security.cert.X509Certificate getSigningCertificate()>() | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |