Final fixes

commjoen · commjoen · commit c097cdb3f136 · 2023-08-18T09:08:22.000+02:00
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java
@@ -79,6 +79,10 @@ private String getKey() {
     }
   }
 
+  @edu.umd.cs.findbugs.annotations.SuppressFBWarnings(
+      value = "CIPHER_INTEGRITY",
+      justification =
+          "The scheme is bad without hmac, but we wanted to make it a bit more fun for you")
   private String decrypt(String ciphertext)
       throws InvalidAlgorithmParameterException,
           InvalidKeyException,
@@ -93,6 +97,6 @@ private String decrypt(String ciphertext)
 
     Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
     cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
-    return new String(cipher.doFinal(Base64.decode(ciphertext)));
+    return new String(cipher.doFinal(Base64.decode(ciphertext.getBytes(StandardCharsets.UTF_8))));
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,10 @@ private String getKey() {`
`79`	`79`	`}`
`80`	`80`	`}`
`81`	`81`
	`82`	`+ @edu.umd.cs.findbugs.annotations.SuppressFBWarnings(`
	`83`	`+ value = "CIPHER_INTEGRITY",`
	`84`	`+ justification =`
	`85`	`+ "The scheme is bad without hmac, but we wanted to make it a bit more fun for you")`
`82`	`86`	`private String decrypt(String ciphertext)`
`83`	`87`	`throws InvalidAlgorithmParameterException,`
`84`	`88`	`InvalidKeyException,`
`@@ -93,6 +97,6 @@ private String decrypt(String ciphertext)`
`93`	`97`
`94`	`98`	`Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");`
`95`	`99`	`cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);`
`96`		`- return new String(cipher.doFinal(Base64.decode(ciphertext)));`
	`100`	`+ return new String(cipher.doFinal(Base64.decode(ciphertext.getBytes(StandardCharsets.UTF_8))));`
`97`	`101`	`}`
`98`	`102`	`}`