Back to library list
org.apache.httpcomponents__httpclient-android
Column Insecure: Icon 
indicates the version is insecure, otherwise 
Column CryptoMisuse: Icon indicates the version has cryptographic API misuse, otherwise
indicates the version is insecure, otherwise
Column CryptoMisuse: Icon
indicates the version has cryptographic API misuse, otherwise
| Version | Insecure | CryptoMisuse | Rule name | Method | Statement | Details |
|---|---|---|---|---|---|---|
| 4.3.3 |
|
|
SSLContext | org.apache.http.conn.ssl.SSLContextBuilder.build()Ljavax/net/ssl/SSLContext; | r1 = staticinvoke <javax.net.ssl.SSLContext: javax.net.ssl.SSLContext getInstance(java.lang.String)>($r14) | First parameter (with value "TLS") should be any of {TLSv1, TLSv1.1, TLSv1.2} |
| - | - |
|
SSLContext | org.apache.http.conn.ssl.SSLContextBuilder.build()Ljavax/net/ssl/SSLContext; | virtualinvoke r1.<javax.net.ssl.SSLContext: void init(javax.net.ssl.KeyManager[],javax.net.ssl.TrustManager[],java.security.SecureRandom)>($r17, $r18, $r19) | First parameter was not properly generated as generated Key Manager |
| - | - |
|
SSLContext | org.apache.http.conn.ssl.SSLContextBuilder.build()Ljavax/net/ssl/SSLContext; | virtualinvoke r1.<javax.net.ssl.SSLContext: void init(javax.net.ssl.KeyManager[],javax.net.ssl.TrustManager[],java.security.SecureRandom)>($r17, $r18, $r19) | Second parameter was not properly generated as generated Trust Manager |
| - | - |
|
KeyManagerFactory | org.apache.http.conn.ssl.SSLContextBuilder.loadKeyMaterial(Ljava/security/KeyStore;[CLorg/apache/http/conn/ssl/PrivateKeyStrategy;)Lorg/apache/http/conn/ssl/SSLContextBuilder; | virtualinvoke r4.<javax.net.ssl.KeyManagerFactory: void init(java.security.KeyStore,char[])>(r1, r2) | First parameter was not properly generated as generated Key Store |
| - | - |
|
TrustManagerFactory | org.apache.http.conn.ssl.SSLContextBuilder.loadTrustMaterial(Ljava/security/KeyStore;Lorg/apache/http/conn/ssl/TrustStrategy;)Lorg/apache/http/conn/ssl/SSLContextBuilder; | virtualinvoke r3.<javax.net.ssl.TrustManagerFactory: void init(java.security.KeyStore)>(r1) | First parameter was not properly generated as generated Key Store |
| - | - |
|
SSLContext | org.apache.http.conn.ssl.SSLContexts.createDefault()Ljavax/net/ssl/SSLContext; | r6 = staticinvoke <javax.net.ssl.SSLContext: javax.net.ssl.SSLContext getInstance(java.lang.String)>(varReplacer2435) | First parameter (with value "TLS") should be any of {TLSv1, TLSv1.1, TLSv1.2} |
| - | - |
|
SSLContext | org.apache.http.conn.ssl.SSLContexts.createDefault()Ljavax/net/ssl/SSLContext; | virtualinvoke r6.<javax.net.ssl.SSLContext: void init(javax.net.ssl.KeyManager[],javax.net.ssl.TrustManager[],java.security.SecureRandom)>(varReplacer2436, varReplacer2436, varReplacer2436) | First parameter was not properly generated as generated Key Manager |
| - | - |
|
SSLContext | org.apache.http.conn.ssl.SSLContexts.createDefault()Ljavax/net/ssl/SSLContext; | virtualinvoke r6.<javax.net.ssl.SSLContext: void init(javax.net.ssl.KeyManager[],javax.net.ssl.TrustManager[],java.security.SecureRandom)>(varReplacer2436, varReplacer2436, varReplacer2436) | Second parameter was not properly generated as generated Trust Manager |
| - | - |
|
SSLContext | org.apache.http.conn.ssl.SSLContexts.createSystemDefault()Ljavax/net/ssl/SSLContext; | $r1 = staticinvoke <javax.net.ssl.SSLContext: javax.net.ssl.SSLContext getInstance(java.lang.String)>(varReplacer2439) | First parameter (with value "Default") should be any of {TLSv1, TLSv1.1, TLSv1.2} |
| - | - |
|
MessageDigest | org.apache.http.impl.auth.DigestSchemeHC4.authenticate(Lorg/apache/http/auth/Credentials;Lorg/apache/http/HttpRequest;Lorg/apache/http/protocol/HttpContext;)Lorg/apache/http/Header; | $r2 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(r0) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.http.impl.auth.DigestSchemeHC4.authenticate(Lorg/apache/http/auth/Credentials;Lorg/apache/http/HttpRequest;Lorg/apache/http/protocol/HttpContext;)Lorg/apache/http/Header; | $r37 = virtualinvoke r10.<java.security.MessageDigest: byte[] digest(byte[])>($r36) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.RC4([B[B)[B | r7 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1371) | First parameter (with value "RC4") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.RC4([B[B)[B | virtualinvoke r7.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1372, r9) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.http.impl.auth.NTLMEngineImpl.RC4([B[B)[B | specialinvoke r9.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r1, varReplacer1373) | First parameter was not properly generated as prepared Key Material |
| - | - |
|
SecretKeySpec | org.apache.http.impl.auth.NTLMEngineImpl.createDESKey([BI)Ljava/security/Key; | specialinvoke $r3.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r2, varReplacer1432) | First parameter was not properly generated as prepared Key Material |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmHash(Ljava/lang/String;)[B | r5 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1379) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmHash(Ljava/lang/String;)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1388, r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmHash(Ljava/lang/String;)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1388, r3) | Unexpected call to method init on object of type javax.crypto.Cipher. Expect a call to one of the following methods update,doFinal |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmHash(Ljava/lang/String;)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1389, r2) | Second parameter was not properly generated as generated Key |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmResponse([B[B)[B | r5 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1420) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmResponse([B[B)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1406, r2) | Second parameter was not properly generated as generated Key |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmResponse([B[B)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1407, r4) | Second parameter was not properly generated as generated Key |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmResponse([B[B)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1408, r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl.lmResponse([B[B)[B | virtualinvoke r5.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1408, r3) | Unexpected call to method init on object of type javax.crypto.Cipher. Expect a call to one of the following methods update,doFinal |
| - | - |
|
MessageDigest | org.apache.http.impl.auth.NTLMEngineImpl.ntlm2SessionResponse([B[B[B)[B | r10 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1377) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey()[B | r17 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1326) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey()[B | r18 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1322) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey()[B | virtualinvoke r17.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1327, r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
Cipher | org.apache.http.impl.auth.NTLMEngineImpl$CipherGen.getLanManagerSessionKey()[B | virtualinvoke r18.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1318, r4) | Second parameter was not properly generated as generated Key |
| - | - |
|
MessageDigest | org.apache.http.impl.auth.NTLMEngineImpl$HMACMD5.<init>([B)V | $r2 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1483) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.http.impl.auth.NTLMEngineImpl$HMACMD5.<init>([B)V | virtualinvoke $r5.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
MessageDigest | org.apache.http.impl.auth.NTLMEngineImpl$HMACMD5.getOutput()[B | virtualinvoke $r4.<java.security.MessageDigest: void update(byte[])>($r3) | Unexpected call to method update on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| 4.3.5 |
|
|
||||
| 4.3.5.1 |
|
|