During an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub, we randomly inspected a few of the misuses. One of the misuses for which we could confirm as a true positive of the analysis, CogniCryptSAST, is in this project.
The class AbstractDocumentBusinessServiceImpl only initialises MessageDigest without making any subsequent call on it. Thus, the usage is considered a misuse of the JCA class.
I hope that the report helps you to improve your project.
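To illustrate the misuse class the report describes, here is an added example (not code from the project or from the report's author): a method that obtains a MessageDigest and never feeds it data or finalises it, next to the complete update/digest sequence that CogniCryptSAST expects. The class, method names and input are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestUsageExample {

    // Misuse pattern (hypothetical reconstruction of the reported finding):
    // the MessageDigest is created, but neither update() nor digest() is
    // ever called on it, so no hash is computed. A typestate analysis such
    // as CogniCryptSAST reports this as an incomplete operation on the
    // JCA object, because the object never reaches its accepting state.
    static void incompleteDigest(byte[] data) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        // md is never used again; the input is silently left unhashed
    }

    // Complete usage: getInstance -> update (one or more times) -> digest.
    static byte[] completeDigest(byte[] data) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(data);      // feed the input
        return md.digest();   // finalise the hash and reset the object
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] input = "sample document".getBytes(StandardCharsets.UTF_8); // constructed input
        incompleteDigest(input); // compiles and runs, but produces no digest
        System.out.println(toHex(completeDigest(input)));
    }
}
```

The fix for the reported class is therefore either to complete the sequence with update() and digest(), or, if the hash is not actually needed, to remove the MessageDigest.getInstance() call altogether.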