Review

Detector:	MuDetectOPAL_180330_1
Target:	project 'alibaba-druid' version e10f28
Misuse:	misuse '2'

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	A call to Cipher.init() may throw an InvalidKeyException.
Fix Description:	(see diff)
Violation Types:	missing/exception handling
In File:	com/alibaba/druid/filter/config/ConfigTools.java
In Method:	encrypt(byte[], String)
Code with Misuse:	class ConfigTools { public static String encrypt(byte[] keyBytes, String plainText) throws Exception { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory factory = KeyFactory.getInstance("RSA"); PrivateKey privateKey = factory.generatePrivate(spec); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, privateKey); byte[] encryptedBytes = cipher.doFinal(plainText.getBytes("UTF-8")); String encryptedString = Base64.byteArrayToBase64(encryptedBytes); return encryptedString; } }
Code with Pattern(s):	`class HandleInvalidKey { void pattern(PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchPaddingException { Cipher cipher = Cipher.getInstance("RSA"); try { cipher.init(Cipher.ENCRYPT_MODE, privateKey); } catch (InvalidKeyException e) { // handle exception... } } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping	Violation Types
?	5	1	no ranking	* alibaba-druid/e10f28/patterns-src/2/HandleInvalidKey.java#pattern(PrivateKey)	1			missing/exception handling