Skip to content

Instantly share code, notes, and snippets.

@misterAnderson90

misterAnderson90/budget-watch04.md Secret

Last active December 21, 2021 02:01
Show Gist options
  • Save misterAnderson90/537384a665334c4f4fafb4b7ed12a46d to your computer and use it in GitHub Desktop.
Save misterAnderson90/537384a665334c4f4fafb4b7ed12a46d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
budget-watch04.md

CogniCrypt (report 4) for BudgetWatch

  • Class: com.google.common.hash.AbstractStreamingHashFunction

  • Method: hashObject

  • Line: 37

  • Issue details: IncompleteOperationError-3

    • IncompleteOperationError violating CrySL rule for javax.crypto.Mac.

    • Operation on object of type javax.crypto.Mac object not completed. Expected call to update, doFinal.

Code

  • Not available (Perhaps it resides in an external library).

The same warning appear o class com.google.common.hash.AbstractCompositeHashFunction, method: newHasher, line: 52

Questions

  1. How likely might this warning in a third-party library reveal a security threat to this app? a. Very unlikely; b. Unlikely; c. I cannot evaluate this; d. Likely; e. Very likely;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment