Skip to content

CryptoAnalysis 3.0.0
Compare
Choose a tag to compare
@smeyer198 smeyer198 released this 04 Dec 11:07
· 653 commits to master since this release
3.0.0
c681812
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Major version update to include the changes from CrySL 3.0.0 and to improve the analysis overall.

Changes:

  • Support Exception handling: CryptoAnalysis reports an 'UncaughtExceptionError' if there is a method that may throw an exception that is not catched, but the CrySL rule specifies a required exception handling.
  • Inherited methods are now considered in the analysis: Previously, if only the superclass of a class defines a method, the method was not part of the typestate computation, that is, the analysis reported a false positive TypestateError
  • All sections (except SPEC) are now optional
  • Validation of CrySL rules: If a CrySL contains any errors, CryptoAnalysis reports the error and ignores the rule.
  • Further small changes to increase the precision of the analysis

Running CryptoAnalysis 3.0.0 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 3.0.2 ruleset.

Assets 5
Loading