@rbonifacio
Last active December 19, 2021 12:47

CogniCrypt (report 112) for Wallet

  • Class: org.bouncycastle.x509.AttributeCertificateHolder

  • Method: match

  • Line: -1

  • Issue details: TypestateError

    • TypestateError violating CrySL rule for java.security.MessageDigest.

    • Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods java.security.MessageDigest: void update(byte[],int,int),java.security.MessageDigest: void update(java.nio.ByteBuffer),java.security.MessageDigest: byte[] digest(byte[]),java.security.MessageDigest: void update(byte[]),java.security.MessageDigest: void update(byte).

Code

  • Not available (perhaps it appears in an external library).

Assessment

  1. How likely is this warning to reveal a security threat in this app?

    • [a] Very unlikely;
    • [b] Unlikely;
    • [c] I cannot evaluate this;
    • [d] Likely;
    • [e] Very likely;
  2. Are you likely to accept a patch that fixes this particular issue?

  3. What are the possible side effects that might prevent you from accepting a patch for this issue?

  4. How do you evaluate the textual description of this issue?

    • [a] Totally unclear;
    • [b] Clear;
    • [c] Totally clear;