Possible CrySL rules to implement from CryptoGuard Crypto-API Benchmark #40
Assignees
Labels
Comments
|
I suspect these will become relevant when you work on this issue. |
|
javax.net.ssl.X509TrustManager: no security risk javax.net.ssl.HostnameVerifier: Interface -> just one method, no implementing classes javax.net.ssl.SSLSocket: rule already exsists Exceptions are not considered |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CryptoGuard Crypto-API Benchmark reports misuses that are not found from static analysis tools such as CogniCrypt. In their list of tests, the following CrySL rules are not implemented and therefore headless tests could not be done.
Reference of the issue is in this link
Java classes that are used in the CryptoGuard tests and are not yet implemented as CrySL rules can be found below.
Checklist:
javax.net.ssl.X509TrustManagerjavax.net.ssl.HostnameVerifierjavax.net.ssl.SSLSessionjavax.net.ssl.HttpsURLConnectionjavax.net.ssl.SSLSocketjavax.net.ssl.SSLSockerFactoryjava.security.cert.CertificateExceptionjava.security.cert.X509Certificatejava.net.URLjava.net.MalformedURLExceptionThe text was updated successfully, but these errors were encountered: