Skip to content

Releases: CROSSINGTUD/CryptoAnalysis

4.0.1

16 Sep 16:38
@github-actions github-actions
4.0.1
030dfbb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.1 Latest
Latest

Release Notes:

Assets 7
Loading

4.0.0

10 Sep 12:22
@smeyer198 smeyer198
4.0.0
7042486
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
4.0.0

Restructured project:

  • CryptoAnalysis now contains only the analysis components for CogniCryptSAST
  • HeadlessJavaScanner contains the "Front-End" for analyzing Java applications
  • HeadlessAndroidScanner contains the "Front-End" for analyzing Android applications

Running CryptoAnalysis 4.0.0 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis.jar, the HeadlessJavaScanner.jar, the HeadlessAndroidScanner.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 7
Loading

3.2.1

26 Jul 13:59
@smeyer198 smeyer198
3.2.1
4247bd6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
3.2.1

Changes:
-Fix a bug related to RequiredPredicateErrors
-Update Tink dependency

Running CryptoAnalysis 3.2.1 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis.jar, the CryptoAnalysis-Android.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading

3.2.0

26 Jul 13:53
@smeyer198 smeyer198
3.2.0
3105469
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
3.2.0

Changes:

  • Integrate SPDS 3.1.2 into the project.
  • Add --timeout flag to determine the timeout for SPDS queries

Running CryptoAnalysis 3.2.0 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis.jar, the CryptoAnalysis-Android.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading

3.1.2

26 Jul 13:47
@smeyer198 smeyer198
3.1.2
e66170b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
3.1.2

Changes:

  • Updated dependencies
  • Pre-Release version for minor update to 3.2.0

Running CryptoAnalysis 3.1.0 requires at least Java 11 and rulesets with version 3.0.0 or higher (recommended JCA 3.1.0).

Attached you can find the CryptoAnalysis.jar, the CryptoAnalysis-Android.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading

3.1.1

26 Jul 13:41
@smeyer198 smeyer198
3.1.1
3776bee
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
3.1.1

Changes:
-Updated dependencies
-Added GitHub-Annotation Reporter and Action
-Fix a IncompleteOperationErrors for multiple dataflow paths
Running CryptoAnalysis 3.1.1 requires at least Java 11 and rulesets with version 3.0.0 or higher (recommended JCA 3.1.0).

Attached you can find the CryptoAnalysis.jar, the CryptoAnalysis-Android.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading

3.1.0

07 Feb 08:56
@smeyer198 smeyer198
3.1.0
e5820a1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
3.1.0

Add basic support for subsequent error detection. Each error references preceding and subsequent errors, which improves the overall error detection, and which allows comprehending errors. In addition to that, the analysis is able to parse and deal with predicates that contain the keyword this. An example could look like this:

KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.initialize(64);                    // constraint error
SecretKey key = kg.generateKey();     // the key is not generated securely

A key size of 64 is not allowed. Therefore, the analysis reports a ConstraintError for KeyGenerator and kg is not secure. Hence, the returned key from generateKey() is not secure, too, and a RequiredPredicateError is reported. This RequiredPredicateError references the previous ConstraintError and allows reasoning that the RequiredPredicateError is caused by the ConstraintError (and vice versa: the ConstraintError references the RequiredPredicateError, that is, the ConstraintError causes the RequiredPredicateError).

Note: Currently, preceding and subsequent errors are not included in the reports, yet. They are only stored internally, which still allows testing the functionality.

Running CryptoAnalysis 3.1.0 requires at least Java 11 and rulesets with version 3.0.0 or higher (recommended JCA 3.1.0).

Attached you can find the CryptoAnalysis.jar, the CryptoAnalysis-Android.jar and the JavaCryptographicArchitecture version 3.1.0 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading

3.0.3

18 Jan 09:26
@smeyer198 smeyer198
3.0.3
fd942eb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
3.0.3

Changes:

  • Provide a Github action to run CogniCryptSAST in workflows
  • Add a CLI option that allows ignoring specific sections (packages, classes and methods) of the target application during the analysis
  • Fix a bug, where RequiredPredicateErrors are not reported correctly
  • Fix a bug related to multiple negated RequiredPredicates

Running CryptoAnalysis 3.0.3 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 3.0.2 ruleset. The Examples.jar contains the example programs from here.

Assets 5
Loading

CryptoAnalysis 3.0.2

11 Jan 08:23
@smeyer198 smeyer198
3.0.2
20c66c5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
CryptoAnalysis 3.0.2

Changes:
-Fix a bug, where the same method calls from different classes are not parsed correctly
-Updated dependencies

Running CryptoAnalysis 3.0.2 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 3.0.2 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading

CryptoAnalysis 3.0.1

11 Jan 08:18
@smeyer198 smeyer198
3.0.1
16ea989
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
CryptoAnalysis 3.0.1

Changes:

  • Improved the negated predicates mechanism
  • Fixed a bug, where similar violations are not reported correctly

Running CryptoAnalysis 3.0.1 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 3.0.2 ruleset. The Examples.jar contains the example programs from here.

Assets 6
Loading