Johannes Späth
Johannes Späth
Have a look at the CogniCrypt reports which contain a couple of IncompleteOperationErrors. **at.favre.lib-hkdf-1.0.0** - [CogniCrypt Report](https://gist.github.com/johspaeth/af18f8fe4f2d47c0cc22504cfbdc1b3d). - [Source Code](https://github.com/patrickfav/hkdf/tree/master/src/main/java/at/favre/lib/crypto). **com.amazonaws-amazon-kinesis-aggregator-1.0.3** - [CogniCrypt Report](https://gist.github.com/johspaeth/569341cf1f41bc09f681eb90231bf9ad) - [Source Code](https://github.com/awslabs/kinesis-aggregation/blob/master/java/KinesisAggregator/src/main/java/com/amazonaws/kinesis/agg/AggRecord.java) If you classify...
Great work, thanks. I think we should actually have a wiki page explaining the false positives due to common over-approximation. (Loops, Library Analysis, etc). Do you want to write a...
I had a look at it, I wondered what we can actually do about it. It is related to [this issue](https://github.com/CROSSINGTUD/CogniCrypt/issues/121). The same also happens in that simpler case: ```...
No, we would [like to report](https://github.com/CROSSINGTUD/CogniCrypt/issues/121) on the last statement _using_ the variable. It is strange to get a report at the return statement as it does not even use...
I even suggest to introduce some versioning in form of the folder structure (With version I mean the version of the library that has been specified and not the version...