
test(java): add regression test for MD5 detection in JCA MessageDigest #393

Merged
n1ckl0sk0rtge merged 1 commit into cbomkit:main from sachin9058:test/add-md5-regression
May 5, 2026

@sachin9058

Contributor

MD5 detection is already supported by the JCA MessageDigest matcher but was not covered by tests.

This PR adds a regression test to ensure MD5 detection remains stable and to prevent accidental regressions in future changes.

Changes

  • Added test fixture:
    java/src/test/files/rules/detection/jca/digest/JcaMessageDigestGetInstanceMd5TestFile.java

  • Added regression test:
    java/src/test/java/com/ibm/plugin/rules/detection/jca/digest/JcaMessageDigestGetInstanceMd5Test.java

  • Verified detection output:

    • Algorithm: MD5
    • DigestSize: 128
    • BlockSize: 512

Validation

  • Ran targeted test:
    mvn -pl java -am -Dtest=JcaMessageDigestGetInstanceMd5Test test

  • Built plugin successfully:
    mvn clean install

  • Verified runtime behavior via SonarQube scan (CBOM generation)

Notes

  • No changes to detection logic were required.
  • This PR strictly improves test coverage.

Happy to extend coverage to additional algorithms (e.g., SHA-1, SHA-512) if needed.

Signed-off-by: Sachin Kumar <sachinkumar905846@gmail.com>
Copilot AI review requested due to automatic review settings May 4, 2026 18:22
@sachin9058 sachin9058 requested a review from a team as a code owner May 4, 2026 18:22

Copilot AI left a comment


Pull request overview

Adds a Java regression test to lock in existing MD5 detection behavior for java.security.MessageDigest#getInstance(...) in the Sonar Cryptography Plugin’s JCA digest matcher, improving coverage without changing detection logic.

Changes:

  • Added a new test fixture exercising MessageDigest.getInstance("MD5") with an expected “Noncompliant” issue.
  • Added a new JUnit test validating the detection store value (Algorithm=MD5) and the translated node details (digest, digest size 128, block size 512).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
|------|-------------|
| java/src/test/java/com/ibm/plugin/rules/detection/jca/digest/JcaMessageDigestGetInstanceMd5Test.java | New JUnit regression test asserting MD5 detection and translated node properties. |
| java/src/test/files/rules/detection/jca/digest/JcaMessageDigestGetInstanceMd5TestFile.java | New fixture file containing MessageDigest.getInstance("MD5") annotated with the expected Noncompliant message. |


@sachin9058

Contributor Author

Hi @san-zrl, I have opened this to add a regression test for MD5 detection. Can you take a look at this?

Copilot AI left a comment


Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.



@n1ckl0sk0rtge n1ckl0sk0rtge enabled auto-merge (squash) May 5, 2026 08:27

@n1ckl0sk0rtge n1ckl0sk0rtge left a comment

Contributor


LGTM! Thanks @sachin9058 :)

@n1ckl0sk0rtge n1ckl0sk0rtge merged commit 386bdc1 into cbomkit:main May 5, 2026
8 of 10 checks passed
@sachin9058 sachin9058 deleted the test/add-md5-regression branch May 5, 2026 10:41