cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [cloudstack] DaanHoogland commented on issue #3459: Misuses of cryptographic APIs
Date Wed, 17 Jul 2019 13:10:50 GMT
DaanHoogland commented on issue #3459: Misuses of cryptographic APIs
URL: https://github.com/apache/cloudstack/issues/3459#issuecomment-512247369
 
 
   @mhp0rtal can you give expoits for any of those isses?
   Can you also please give a version on which these apply, as the first three do not show
code matching the message;
   1: File name => utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java: Line number
=> 75: API name => MessageDigest:
   line 71 is an empty line
   2: File name => utils/src/main/java/com/cloud/utils/nio/Link.java: Line number =>
371: API name => KeyStore:Second parameter should never be of type java.lang.String.
   call on line 371 has only one parameter
   3: File name => utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java:
Line number => 30: API name => MessageDigest:Unexpected call to method <java.security.MessageDigest:
byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of
the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest:
void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest:
void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)>
   line 30 is empty
   
   I stopped checking there but I propose you debug your tool of investigation.
   I'm closing this issue but if you feel it is still valid, please add needed extra info
and reopen.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message