Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow setting name and modification date for literal data packet; BC … #78

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

jdurani
Copy link

@jdurani jdurani commented Jan 10, 2024

BC 1.77 and jdk8on:

  • since BC jdk15on stopped with version 1.67 and there are still vulnerabilities, moved to jdk18on
  • source and target compatibility is set to Java 8 anyway
  • updated to latest version

New providers:

  • in some cases, we need to set a name and/or modification date for a literal data packet in encrypted/signed file. This library is designed to work with stream, yet we can stream a file content...
  • ... or, we can simulate file or need to set for whatever reason name of literal data
  • this PR has two new functional interfaces to provide name and/or modification date
  • default is to use current behavior (an empty string as a name "" and current date new Date() as a modification date)
  • implemented in Build interface

@neuhalje
Copy link
Owner

Logo
Checkmarx One – Scan Summary & Details174873e6-af58-45bb-8742-ffbedfa27297

New Issues

Severity Issue Source File / Package Checkmarx Insight
LOW Improper_Resource_Shutdown_or_Release /src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java: 147 Attack Vector
LOW Improper_Resource_Shutdown_or_Release /src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java: 249 Attack Vector

Fixed Issues

Severity Issue Source File / Package
LOW Improper_Resource_Shutdown_or_Release /src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java: 211
LOW Improper_Resource_Shutdown_or_Release /src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/encrypting/PGPEncryptingStream.java: 111
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 733
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 732
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 731
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 730
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 729
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 728
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 727
LOW TruffleHog_HighEntropy_Strings /src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java: 726

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants