
Incorrect number of occurrences for RequiredPredicateError in a headless test

Open enriozuni opened this issue 5 years ago • 2 comments

The following project from Braga et al. was headless tested.

public static void main(String args[]) {
    try {
      Security.addProvider(new BouncyCastleProvider()); // BC provider
      byte[] msgAna = ("Insecure default RSA.").getBytes();
      KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
      g.initialize(2048);
      KeyPair kp = g.generateKeyPair();

      U.println("Plaintext: " + new String(msgAna));

      Cipher enc = Cipher.getInstance("RSA");
      enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
      Cipher dec = Cipher.getInstance("RSA");
      dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());

      U.println("Algorithm: " + enc.getAlgorithm());
      byte[][] ct = new byte[2][];
      for (int i = 0; i < 2; i++) {
        ct[i] = enc.doFinal(msgAna);
        byte[] ptBeto = dec.doFinal(ct[i]);
        U.println("Ciphertext: " + U.b2x(ct[i]));
      }

    } catch (NoSuchAlgorithmException | NoSuchPaddingException |
            InvalidKeyException | IllegalBlockSizeException |
            BadPaddingException e) {
      System.out.println(e);
    }
}

I get an inconsistency between the error markers in the IDE console and the specification of expected errors in the headless test itself.

The error marker in the console shows:

RequiredPredicateError violating CrySL rule for javax.crypto.Cipher
			Second parameter was not properly generated as generated Key
			at statement: virtualinvoke r3.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer65, $r14)

As seen above, the error marker shows only one RequiredPredicateError violation for the Cipher object, when in fact there are 2 in total for two different Cipher objects.

On the other hand, when specifying the correct expected errors in the headless test itself, the test passes.

setErrorsCount("<example.DefinedProvider7: void main(java.lang.String[])>", RequiredPredicateError.class, 2);

I have stated that the printed error markers are not complete for the RequiredPredicateError for 2 or more objects of the same type (e.g. Cipher).

enriozuni, Sep 17 '19 14:09

Seems to be a bug in the code that prints the error messages. Do you get the correct number of warnings in the Eclipse Plugin itself?

johspaeth, Oct 15 '19 08:10

> Seems to be a bug in the code that prints the error messages. Do you get the correct number of warnings in the Eclipse Plugin itself?

Yes, I do get the correct number of warnings in the Eclipse plugin.

enriozuni, Oct 17 '19 08:10

Fixed in #486

smeyer198, Nov 30 '23 11:11