Back to library list
org.apache.commons__commons-math
Column Insecure: Icon 
indicates the version is insecure, otherwise 
Column CryptoMisuse: Icon indicates the version has cryptographic API misuse, otherwise
indicates the version is insecure, otherwise
Column CryptoMisuse: Icon
indicates the version has cryptographic API misuse, otherwise
| Version | Insecure | CryptoMisuse | Rule name | Method | Statement | Details |
|---|---|---|---|---|---|---|
| 2.0 |
|
|
MessageDigest | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | r16 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2164) | First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | virtualinvoke r16.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
SecureRandom | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) | Unexpected call to method nextBytes on object of type java.security.SecureRandom. |
| 2.1 |
|
|
MessageDigest | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2272) | First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | virtualinvoke r17.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
SecureRandom | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) | Unexpected call to method nextBytes on object of type java.security.SecureRandom. |
| 2.2 |
|
|
MessageDigest | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer196) | First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | virtualinvoke r17.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
SecureRandom | org.apache.commons.math.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; | virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) | Unexpected call to method nextBytes on object of type java.security.SecureRandom. |