CROSSINGTUD / CryptoAnalysis

CogniCrypt_SAST: CrySL-to-Static Analysis Compiler
Eclipse Public License 2.0

reportFormat SARIF not working as intended #701

Closed mraashish closed 2 weeks ago

mraashish commented 3 weeks ago

When running the HeadlessScanner with reportFormat SARIF, it is supposed to create a json file "CryptoAnalysis-Report.json".

```
java -cp <path-to-analysis-jar> crypto.HeadlessCryptoScanner --rulesDir <path-to-crysl-source-code-format-rules> --appPath <application-path> --reportFormat SARIF --reportPath <save-path>
```

The output inside "CryptoAnalysis-Report.json" is

`{"empty" : false, "mapType" : "java.util.HashMap"}`

Expected Behaviour:

```json
{
  "sarifVersion" : "2.0.0",
  "runs" : [ {
    "files" : {
      "AESExample.java" : { "mimeType" : "" }
    },
    "resources" : { "rules" : { } },
    "results" : [ {
      "locations" : [ {
        "physicalLocation" : {
          "fileLocation" : { "uri" : "AESExample.java" },
          "region" : {
            "method" : "java.lang.String encrypt(java.lang.String,javax.crypto.SecretKey,javax.crypto.spec.IvParameterSpec)",
            "startLine" : 40,
            "statement" : "virtualinvoke r0.<javax.crypto.Cipher: void init(int,java.security.Key,java.security.spec.AlgorithmParameterSpec)>(varReplacer3, r1, r2)"
          }
        },
        "fullyQualifiedLogicalName" : "AESExample::encrypt"
      } ],
      "ruleId" : "RequiredPredicateError",
      "message" : {
        "text" : "Second parameter was not properly generated as generatedPrivkey OR generatedPubkey OR generatedKey.",
        "richText" : "RequiredPredicateError violating CrySL rule for javax.crypto.Cipher."
      }
    } ],
    "tool" : {
      "name" : "CryptoAnalysis",
      "semanticVersion" : "3.1.0",
      "language" : "en-US",
      "version" : "3.1.0"
    },
    "statistics" : {
      "SoftwareID" : "",
      "CallgraphReachableMethods" : 2291,
      "CryptoAnalysisTime" : 255,
      "CallgraphRechableMethodsWithActiveBodies" : 1192,
      "SeedObjectCount" : 11,
      "DataflowVisitedMethods" : 13,
      "CallgraphConstructionTime" : 617
    }
  } ]
}
```

This used to work properly in the previous version 3.1.

smeyer198 commented 3 weeks ago

Hi, thank you for the report. You are right, instead of the contents of the resulting map, the actual map object is included in the report. #704 should fix this issue. I hope you can use the reporter then as expected.
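An added illustration of the failure mode described above, not code from CryptoAnalysis or from #704: it assumes the report is assembled as an `org.json.JSONObject` and then handed to a Jackson `ObjectMapper`, which treats the container as a Java bean and serializes only its public getters (`isEmpty()`, `getMapType()`) rather than its entries. The sample report contents and the `looksLikeSarif` guard are constructed for this example; whether this is the exact mechanism in the project is an assumption.

```java
import java.util.Map;
import org.json.JSONArray;
import org.json.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;

public class SarifSerializationDemo {

    // Constructed stand-in for a SARIF report built as an org.json.JSONObject.
    static JSONObject buildReport() {
        JSONObject tool = new JSONObject().put("name", "CryptoAnalysis").put("version", "3.1.0");
        JSONObject message = new JSONObject().put("text", "constructed sample finding");
        JSONObject result = new JSONObject().put("ruleId", "RequiredPredicateError").put("message", message);
        JSONObject run = new JSONObject().put("tool", tool).put("results", new JSONArray().put(result));
        return new JSONObject().put("sarifVersion", "2.0.0").put("runs", new JSONArray().put(run));
    }

    // Symptom: the JSONObject itself is passed to the bean serializer. Jackson sees no map,
    // only bean-style getters, so the findings are silently dropped from the output.
    static String serializeContainer(JSONObject report) throws Exception {
        return new ObjectMapper().writeValueAsString(report);
    }

    // Fix: serialize the map contents, not the container object wrapping them.
    static String serializeContents(JSONObject report) throws Exception {
        Map<String, Object> contents = report.toMap();
        return new ObjectMapper()
                .enable(SerializationFeature.INDENT_OUTPUT)
                .writeValueAsString(contents);
    }

    // Consumer-side guard (e.g. a CI step): a report with no "runs" means findings were lost,
    // which should fail the pipeline rather than pass as "no issues found".
    static boolean looksLikeSarif(String json) {
        JSONObject parsed = new JSONObject(json);
        return parsed.has("sarifVersion") && parsed.has("runs");
    }

    public static void main(String[] args) throws Exception {
        JSONObject report = buildReport();
        String broken = serializeContainer(report);
        String fixed = serializeContents(report);
        System.out.println("container serialized: " + broken + " -> valid SARIF? " + looksLikeSarif(broken));
        System.out.println("contents serialized:\n" + fixed + "\n-> valid SARIF? " + looksLikeSarif(fixed));
    }
}
```

Requires `org.json:json` (a version providing `JSONObject.toMap()` and `getMapType()`) and `com.fasterxml.jackson.core:jackson-databind` on the classpath.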