CryptoAnalysis 3.0.0

Major version update to include the changes from CrySL 3.0.0 and to improve the analysis overall.

Changes:

• Support Exception handling: CryptoAnalysis reports an 'UncaughtExceptionError' if there is a method that may throw an exception that is not catched, but the CrySL rule specifies a required exception handling.
• Inherited methods are now considered in the analysis: Previously, if only the superclass of a class defines a method, the method was not part of the typestate computation, that is, the analysis reported a false positive TypestateError
• All sections (except SPEC) are now optional
• Validation of CrySL rules: If a CrySL contains any errors, CryptoAnalysis reports the error and ignores the rule.
• Further small changes to increase the precision of the analysis

Running CryptoAnalysis 3.0.0 requires at least Java 11 and rulesets with version 3.0.0 or higher.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 3.0.2 ruleset.

CryptoAnalysis 2.8.1

Changes:

• Update dependencies

With this version, Java 11 is required to build and run the project.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 1.5.2 ruleset.

Release 2.8.0

Changes:

• Refactored reporters
• Updated tests

Note that CryptoAnalysis 2.8.0 is the last version, which can be built with Java 8. After that, Java 11 is required. Moreover, CryptoAnalysis 2.8.0 is only compatible with CrySL 2.0.2.

Attached you can find the CryptoAnalysis jar, the CryptoAnalysis-Android jar and the JavaCryptographicArchitecture version 1.5.2 ruleset.

Release 2.7.3

Merge pull request #399 from CROSSINGTUD/release-master-273

Release master 2.7.3

Release 2.7.2

Merge pull request #300 from CROSSINGTUD/release/stable-2.7.2

Release Stable Versions 2.7.2

2.7.1

This is the binary release of the latest CryptoAnalysis. Attached are a ruleset and an example jar file that can be analyzed.

This binary does not require specification of any main class.

Sample usage:

java -jar CryptoAnalysis-2.7.1-SNAPSHOT-jar-with-dependencies.jar --rulesDir=pathToRules --applicationCp=pathToJar

If you get a StackOverflow exception, please increase your stack size to using the Xss JVM option

2.3

• Increase to Soot 3.3.0-SNAPSHOT to fix a bug in Soot dependency during call graph generation
• Support for notHardCoded syntax in CrySL
• Proper hashCode() and equals() methods for all AbstractError
• Increase version of SPDS to 2.3

2.2

• CrySL rules are now located in src/main/resources/
• Adding class CrySLRulesetSelector to load rules for a specific (set) of rulesets.
• BouncyCastle ruleset 0.3

2.0

Version 2.0 of CryptoAnalysis

Changes:

• Added on-the-fly call graph
• Deactivated/Removed ImpreciseValueExtractionError: Too many warnings and are not needed in CogniCrypt

v1.0.0

Use an output Folder for the CommandLineReporter