Review

Detector:	MuDetectOPAL_180217
Target:	project 'alibaba-druid' version e10f28
Misuse:	misuse '1'

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	An instance of Cipher is used twice (the init() method is called again), which is an invalid operation.
Fix Description:	creates a new instance of Cipher before the second init(). (see diff)
Violation Types:	missing/call
In File:	com/alibaba/druid/filter/config/ConfigTools.java
In Method:	decrypt(PublicKey, String)
Code with Misuse:	class ConfigTools { public static String decrypt(PublicKey publicKey, String cipherText) throws Exception { Cipher cipher = Cipher.getInstance("RSA"); try { cipher.init(Cipher.DECRYPT_MODE, publicKey); } catch (InvalidKeyException e) { // for ibm jdk RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey; RSAPrivateKeySpec spec = new RSAPrivateKeySpec(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent()); Key fakePublicKey = KeyFactory.getInstance("RSA").generatePrivate(spec); cipher.init(Cipher.DECRYPT_MODE, fakePublicKey); } if (cipherText == null \|\| cipherText.length() == 0) { return cipherText; } byte[] cipherBytes = Base64.base64ToByteArray(cipherText); byte[] plainBytes = cipher.doFinal(cipherBytes); return new String(plainBytes); } }

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping	Violation Types
?	1812	0.000552510608204	(pattern support = 10 / 101)(pattern violations = 1 / 128)(overlap = 5.00 / 7.00)	* alibaba-druid/e10f28/original-src/com/alibaba/druid/support/http/WebStatFilter.java#isExclusion(String) * alibaba-druid/e10f28/original-src/com/alibaba/druid/mock/MockDriver.java#connect(String, Properties) * alibaba-druid/e10f28/original-src/com/alibaba/druid/filter/FilterManager.java#<clinit>() * alibaba-druid/e10f28/original-src/com/alibaba/druid/proxy/DruidDriver.java#parseConfig(String, Properties) * alibaba-druid/e10f28/original-src/com/alibaba/druid/support/spring/stat/BeanTypeAutoProxyCreator.java#getAdvicesAndAdvisorsForBean(Class, String, TargetSource)	10			missing/call