DaanHoogland commented on issue #3459: Misuses of cryptographic APIs URL: https://github.com/apache/cloudstack/issues/3459#issuecomment-512247369 @mhp0rtal can you give expoits for any of those isses? Can you also please give a version on which these apply, as the first three do not show code matching the message; 1: File name => utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java: Line number => 75: API name => MessageDigest: line 71 is an empty line 2: File name => utils/src/main/java/com/cloud/utils/nio/Link.java: Line number => 371: API name => KeyStore:Second parameter should never be of type java.lang.String. call on line 371 has only one parameter 3: File name => utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java: Line number => 30: API name => MessageDigest:Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> line 30 is empty I stopped checking there but I propose you debug your tool of investigation. I'm closing this issue but if you feel it is still valid, please add needed extra info and reopen.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
