Comments (3)
Projucti
commented on September 27, 2024
The expected result log is generated using CLI HeadlessCryptoScanner of CryptoAnalysis where all the results after analysis are displayed on CLI. If --reportFormat TXT is selected, it shows the result same.
[main] INFO crypto.HeadlessCryptoScanner - Using call graph algorithm CHA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/G:/fraunhofer/Newfolder/CryptoAnalysis/CryptoAnalysis-2.8.0-SNAPSHOT-jar-with-dependencies.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[main] WARN pes.access.impl.DeclaredTypeFactory - --- xtext.common.types ---------------------------------------------------
[main] WARN pes.access.impl.DeclaredTypeFactory - ASM library is too old. Falling back to java.lang.reflect API.
[main] WARN pes.access.impl.DeclaredTypeFactory - Please note that no information about compile time constants is available.
[main] WARN pes.access.impl.DeclaredTypeFactory - It's recommended to use org.objectweb.asm 9.0.0 or better (Maven group id: org.ow2.asm).
[main] WARN pes.access.impl.DeclaredTypeFactory - --------------------------------------------------------------------------
[main] INFO crypto.HeadlessCryptoScanner - Analysis soot setup done in 3.252 s
[main] INFO crypto.analysis.CryptoScanner - Searching for seeds for the analysis!
[main] INFO crypto.analysis.CryptoScanner - Discovered 1 analysis seeds within 1 seconds!
[main] INFO crypto.analysis.CryptoScanner - Analyzed Objects: 1 of 2
[main] INFO crypto.analysis.CryptoScanner - Percentage Completed: 0.5
[main] INFO crypto.reporting.TXTReporter - Text Report generated to file : G:\fraunhofer\Newfolder\CryptoAnalysis\reports\CryptoAnalysis-Report.txt
[main] INFO crypto.analysis.CryptoScanner - Static Analysis took 1 seconds!
[main] INFO crypto.HeadlessCryptoScanner - Analysis finished in 7.754 s
For --reportFormat CSV, it shows the same log.
[main] INFO crypto.HeadlessCryptoScanner - Using call graph algorithm CHA
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/G:/fraunhofer/Newfolder/CryptoAnalysis/CryptoAnalysis-2.8.0-SNAPSHOT-jar-with-dependencies.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[main] WARN pes.access.impl.DeclaredTypeFactory - --- xtext.common.types ---------------------------------------------------
[main] WARN pes.access.impl.DeclaredTypeFactory - ASM library is too old. Falling back to java.lang.reflect API.
[main] WARN pes.access.impl.DeclaredTypeFactory - Please note that no information about compile time constants is available.
[main] WARN pes.access.impl.DeclaredTypeFactory - It's recommended to use org.objectweb.asm 9.0.0 or better (Maven group id: org.ow2.asm).
[main] WARN pes.access.impl.DeclaredTypeFactory - --------------------------------------------------------------------------
[main] INFO crypto.HeadlessCryptoScanner - Analysis soot setup done in 2.631 s
[main] INFO crypto.analysis.CryptoScanner - Searching for seeds for the analysis!
[main] INFO crypto.analysis.CryptoScanner - Discovered 1 analysis seeds within 1 seconds!
[main] INFO crypto.analysis.CryptoScanner - Analyzed Objects: 1 of 2
[main] INFO crypto.analysis.CryptoScanner - Percentage Completed: 0.5
[main] INFO crypto.reporting.CSVReporter - CSV Report generated to file : G:\fraunhofer\Newfolder\CryptoAnalysis\reports\CryptoAnalysis-Report.csv
[main] INFO crypto.analysis.CryptoScanner - Static Analysis took 1 seconds!
[main] INFO crypto.HeadlessCryptoScanner - Analysis finished in 7.241 s
Please use a CSV Viewer to read the results of CSV file.
from cryptoanalysis.
Maximilianhummel
commented on September 27, 2024
We could also reproduce this behavior with the built version 2.8. What we would like to have is the output in CSV format in a file, as well as the output under the reporttype txt as a log on stdout. Because the txt output provides even more information, in which classes e.g. constraint errors were found.
So would it be possible to save the output in a csv file and output the txt out in parallel on the console? Or do I have to call the tool twice on the same file to get the desired information?
from cryptoanalysis.
krinara86
commented on September 27, 2024
So the issue is not related to how the logs compare to each other but the information that is populated into the csv file and txt files generated. The csv file contains the number of reported errors, whereas the txt contains where these issues are. And txt files are not machine-readable. So ideally, all of this information should be dumped into the csv. Without this being possible, CogniCrypt cannot be integrated into any automated pipeline. Reopening this issue.
from cryptoanalysis.
Related Issues (20)
- False Positive TypestateError in Cipher Class HOT 4
- CryptoAnalysis does not check CONSTRAINTS if no ORDER is specified. HOT 6
- False Positive RequiredPredicateError when woking with JCA PBE HOT 2
- CSV Export not working HOT 9
- No delete button for custom rules HOT 3
- Re-Implement the necessary parts in CryptoAnalysis to make use of the Picocli library
- Feature Request: JSON Result Format HOT 2
- Different report formats report different information HOT 1
- SecureRandom missing an ensured predicate although it is correctly generated
- SecretKey has not the predicate `generatedKey` negated after `destroy()`
- Missing RequiredPredicateError for insecure PBEKeySpec used with SecretKeyFactory HOT 1
- Calling a method multiple times cause missing RequiredPredicateErrors
- CogniCrypt for android soot error HOT 1
- Create an output for preceding and subsequent errors
- Provide CVE / CWE reference in warning messages
- Extend transformations when extracting variables
- Automate Android tests HOT 1
- reportFormat SARIF not working as intended HOT 1
- Failure of Interprocedural Analysis HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cryptoanalysis.