Back to library list

org.apache.commons__commons-math3

Column Insecure: Icon yes indicates the version is insecure, otherwise no
Column CryptoMisuse: Icon yes indicates the version has cryptographic API misuse, otherwise no
Version Insecure CryptoMisuse Rule name Method Statement Details
3.0 no       yes MessageDigest org.apache.commons.math3.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer706) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
- - yes SecureRandom org.apache.commons.math3.random.RandomDataImpl.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) Unexpected call to method nextBytes on object of type java.security.SecureRandom.
3.1 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2274) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) Unexpected call to method nextBytes on object of type java.security.SecureRandom.
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.reSeedSecure()V virtualinvoke $r1.<java.security.SecureRandom: void setSeed(long)>($l0) Unexpected call to method setSeed on object of type java.security.SecureRandom. Expect a call to one of the following methods next,generateSeed,nextBytes
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.reSeedSecure(J)V virtualinvoke $r1.<java.security.SecureRandom: void setSeed(long)>(l0) Unexpected call to method setSeed on object of type java.security.SecureRandom. Expect a call to one of the following methods next,generateSeed,nextBytes
3.1.1 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2281) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) Unexpected call to method nextBytes on object of type java.security.SecureRandom.
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.reSeedSecure()V virtualinvoke $r1.<java.security.SecureRandom: void setSeed(long)>($l0) Unexpected call to method setSeed on object of type java.security.SecureRandom. Expect a call to one of the following methods next,generateSeed,nextBytes
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.reSeedSecure(J)V virtualinvoke $r1.<java.security.SecureRandom: void setSeed(long)>(l0) Unexpected call to method setSeed on object of type java.security.SecureRandom. Expect a call to one of the following methods next,generateSeed,nextBytes
3.2 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2556) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r1.<java.security.SecureRandom: void nextBytes(byte[])>(r3) Unexpected call to method nextBytes on object of type java.security.SecureRandom.
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.nextSecureLong(JJ)J virtualinvoke r0.<java.security.SecureRandom: void nextBytes(byte[])>(r1) Unexpected call to method nextBytes on object of type java.security.SecureRandom.
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.reSeedSecure()V virtualinvoke $r1.<java.security.SecureRandom: void setSeed(long)>($l0) Unexpected call to method setSeed on object of type java.security.SecureRandom. Expect a call to one of the following methods next,generateSeed,nextBytes
- - yes SecureRandom org.apache.commons.math3.random.RandomDataGenerator.reSeedSecure(J)V virtualinvoke $r1.<java.security.SecureRandom: void setSeed(long)>(l0) Unexpected call to method setSeed on object of type java.security.SecureRandom. Expect a call to one of the following methods next,generateSeed,nextBytes
3.3 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3306) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
3.4 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2011) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
3.4.1 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3618) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
3.5 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2010) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
3.6 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer4905) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update
3.6.1 no       yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; r17 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer4453) First parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}
- - yes MessageDigest org.apache.commons.math3.random.RandomDataGenerator.nextSecureHexString(I)Ljava/lang/String; virtualinvoke r17.<java.security.MessageDigest: void reset()>() Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update