Fix key type specification (#237)

n1ckl0sk0rtge · web-flow · commit 23227d0ca052 · 2025-02-27T10:30:01.000+01:00
* add enricher for secret keys

Signed-off-by: Nicklas Körtge &lt;nicklas.koertge1@ibm.com&gt;

* add key specification and reorganisation in translation

Signed-off-by: Nicklas Körtge &lt;nicklas.koertge1@ibm.com&gt;

* update tests

Signed-off-by: Nicklas Körtge &lt;nicklas.koertge1@ibm.com&gt;

---------

Signed-off-by: Nicklas Körtge &lt;nicklas.koertge1@ibm.com&gt;
diff --git a/engine/src/main/java/com/ibm/engine/model/KeyAction.java b/engine/src/main/java/com/ibm/engine/model/KeyAction.java
@@ -24,6 +24,9 @@
 public class KeyAction<T> extends AbstractValue<T> implements IAction<T> {
 
     public enum Action {
+        PRIVATE_KEY_GENERATION,
+        PUBLIC_KEY_GENERATION,
+        SECRET_KEY_GENERATION,
         GENERATION,
         KDF
     }
diff --git a/enricher/src/main/java/com/ibm/enricher/Enricher.java b/enricher/src/main/java/com/ibm/enricher/Enricher.java
@@ -33,6 +33,7 @@
 import com.ibm.enricher.algorithm.SHA3Enricher;
 import com.ibm.enricher.algorithm.SignatureEnricher;
 import com.ibm.enricher.algorithm.TagOrDigestEnricher;
+import com.ibm.enricher.key.SecretKeyEnricher;
 import com.ibm.mapper.model.INode;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -92,7 +93,8 @@ private static INode enrichTree(@Nonnull INode node) {
                     new RSAoaepEnricher(),
                     new SignatureEnricher(),
                     new TagOrDigestEnricher(),
-                    new KEMEnricher());
+                    new KEMEnricher(),
+                    new SecretKeyEnricher());
 
     /**
      * Enriches the given node with additional information.
diff --git a/enricher/src/main/java/com/ibm/enricher/key/SecretKeyEnricher.java b/enricher/src/main/java/com/ibm/enricher/key/SecretKeyEnricher.java
@@ -0,0 +1,42 @@
+/*
+ * SonarQube Cryptography Plugin
+ * Copyright (C) 2025 IBM
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.ibm.enricher.key;
+
+import com.ibm.enricher.IEnricher;
+import com.ibm.mapper.model.AuthenticatedEncryption;
+import com.ibm.mapper.model.BlockCipher;
+import com.ibm.mapper.model.INode;
+import com.ibm.mapper.model.Key;
+import com.ibm.mapper.model.SecretKey;
+import javax.annotation.Nonnull;
+
+public class SecretKeyEnricher implements IEnricher {
+    @Nonnull
+    @Override
+    public INode enrich(@Nonnull INode node) {
+        if (node instanceof Key key) {
+            if (key.hasChildOfType(BlockCipher.class).isPresent()
+                    || key.hasChildOfType(AuthenticatedEncryption.class).isPresent()) {
+                return new SecretKey(key);
+            }
+        }
+        return node;
+    }
+}
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/keyfactory/JcaKeyFactoryGenerate.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/keyfactory/JcaKeyFactoryGenerate.java
@@ -40,7 +40,8 @@ public final class JcaKeyFactoryGenerate {
                     .createDetectionRule()
                     .forObjectTypes("java.security.KeyFactory")
                     .forMethods("generatePrivate")
-                    .shouldBeDetectedAs(new KeyActionFactory<>(KeyAction.Action.GENERATION))
+                    .shouldBeDetectedAs(
+                            new KeyActionFactory<>(KeyAction.Action.PRIVATE_KEY_GENERATION))
                     .withMethodParameter(KEY_SPEC_TYPE)
                     .addDependingDetectionRules(JcaKeySpec.rules())
                     .buildForContext(new PrivateKeyContext(KeyContext.Kind.NONE))
@@ -52,7 +53,8 @@ public final class JcaKeyFactoryGenerate {
                     .createDetectionRule()
                     .forObjectTypes("java.security.KeyFactory")
                     .forMethods("generatePublic")
-                    .shouldBeDetectedAs(new KeyActionFactory<>(KeyAction.Action.GENERATION))
+                    .shouldBeDetectedAs(
+                            new KeyActionFactory<>(KeyAction.Action.PUBLIC_KEY_GENERATION))
                     .withMethodParameter(KEY_SPEC_TYPE)
                     .addDependingDetectionRules(JcaKeySpec.rules())
                     .buildForContext(new PublicKeyContext(KeyContext.Kind.NONE))
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/keyfactory/JcaSecretKeyFactoryGenerateSecret.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/keyfactory/JcaSecretKeyFactoryGenerateSecret.java
@@ -39,7 +39,8 @@ public final class JcaSecretKeyFactoryGenerateSecret {
                     .createDetectionRule()
                     .forObjectTypes("javax.crypto.SecretKeyFactory")
                     .forMethods("generateSecret")
-                    .shouldBeDetectedAs(new KeyActionFactory<>(KeyAction.Action.GENERATION))
+                    .shouldBeDetectedAs(
+                            new KeyActionFactory<>(KeyAction.Action.SECRET_KEY_GENERATION))
                     .withMethodParameter(KEY_SPEC_TYPE)
                     .addDependingDetectionRules(JcaKeySpec.rules())
                     .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorGetInstance.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorGetInstance.java
@@ -22,7 +22,6 @@
 import static com.ibm.plugin.rules.detection.TypeShortcuts.STRING_TYPE;
 
 import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.context.SecretKeyContext;
 import com.ibm.engine.model.factory.AlgorithmFactory;
 import com.ibm.engine.rule.IDetectionRule;
 import com.ibm.engine.rule.builder.DetectionRuleBuilder;
@@ -39,7 +38,7 @@ public final class JcaKeyGeneratorGetInstance {
                     .forMethods("getInstance")
                     .withMethodParameter(STRING_TYPE)
                     .shouldBeDetectedAs(new AlgorithmFactory<>())
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withDependingDetectionRules(JcaKeyGeneratorInit.rules());
 
@@ -51,7 +50,7 @@ public final class JcaKeyGeneratorGetInstance {
                     .withMethodParameter(STRING_TYPE)
                     .shouldBeDetectedAs(new AlgorithmFactory<>())
                     .withMethodParameter(STRING_TYPE)
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withDependingDetectionRules(JcaKeyGeneratorInit.rules());
 
@@ -63,7 +62,7 @@ public final class JcaKeyGeneratorGetInstance {
                     .withMethodParameter(STRING_TYPE)
                     .shouldBeDetectedAs(new AlgorithmFactory<>())
                     .withMethodParameter("java.security.Provider")
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withDependingDetectionRules(JcaKeyGeneratorInit.rules());
 
diff --git a/java/src/main/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorInit.java b/java/src/main/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorInit.java
@@ -21,7 +21,6 @@
 
 import com.ibm.engine.model.Size;
 import com.ibm.engine.model.context.KeyContext;
-import com.ibm.engine.model.context.SecretKeyContext;
 import com.ibm.engine.model.factory.KeySizeFactory;
 import com.ibm.engine.rule.IDetectionRule;
 import com.ibm.engine.rule.builder.DetectionRuleBuilder;
@@ -39,7 +38,7 @@ public final class JcaKeyGeneratorInit {
                     .forMethods("init")
                     .withMethodParameter("int")
                     .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT))
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withoutDependingDetectionRules();
 
@@ -51,7 +50,7 @@ public final class JcaKeyGeneratorInit {
                     .withMethodParameter("int")
                     .shouldBeDetectedAs(new KeySizeFactory<>(Size.UnitType.BIT))
                     .withMethodParameter("java.security.SecureRandom")
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withoutDependingDetectionRules();
 
@@ -62,7 +61,7 @@ public final class JcaKeyGeneratorInit {
                     .forMethods("init")
                     .withMethodParameter("java.security.spec.AlgorithmParameterSpec")
                     .addDependingDetectionRules(JcaParameterSpec.rules())
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withoutDependingDetectionRules();
 
@@ -74,7 +73,7 @@ public final class JcaKeyGeneratorInit {
                     .withMethodParameter("java.security.spec.AlgorithmParameterSpec")
                     .addDependingDetectionRules(JcaParameterSpec.rules())
                     .withMethodParameter("java.security.SecureRandom")
-                    .buildForContext(new SecretKeyContext(KeyContext.Kind.NONE))
+                    .buildForContext(new KeyContext(KeyContext.Kind.NONE))
                     .inBundle(() -> "Jca")
                     .withoutDependingDetectionRules();
 
diff --git a/java/src/main/java/com/ibm/plugin/translation/reorganizer/JavaReorganizerRules.java b/java/src/main/java/com/ibm/plugin/translation/reorganizer/JavaReorganizerRules.java
@@ -27,6 +27,7 @@
 import com.ibm.mapper.reorganizer.rules.BlockCipherReorganizer;
 import com.ibm.mapper.reorganizer.rules.CipherParameterReorganizer;
 import com.ibm.mapper.reorganizer.rules.CipherSuiteReorganizer;
+import com.ibm.mapper.reorganizer.rules.KeyReorgenizer;
 import com.ibm.mapper.reorganizer.rules.MacReorganizer;
 import com.ibm.mapper.reorganizer.rules.SignatureReorganizer;
 import java.util.List;
@@ -55,6 +56,7 @@ public static List<IReorganizerRule> rules() {
                 SignatureReorganizer.MERGE_UNKNOWN_SIGNATURE_PARENT_AND_CHILD,
                 SignatureReorganizer.moveNodesFromUnderFunctionalityUnderParent(
                         Sign.class, Signature.class),
-                SignatureReorganizer.MERGE_SIGNATURE_PARENT_AND_CHILD);
+                SignatureReorganizer.MERGE_SIGNATURE_PARENT_AND_CHILD,
+                KeyReorgenizer.SPECIFY_KEY_TYPE_BY_LOOKING_AT_KEY_GENERATION);
     }
 }
diff --git a/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java b/java/src/main/java/com/ibm/plugin/translation/translator/contexts/JavaKeyContextTranslator.java
@@ -23,6 +23,7 @@
 import com.ibm.engine.model.AlgorithmParameter;
 import com.ibm.engine.model.Curve;
 import com.ibm.engine.model.IValue;
+import com.ibm.engine.model.KeyAction;
 import com.ibm.engine.model.KeySize;
 import com.ibm.engine.model.OperationMode;
 import com.ibm.engine.model.ValueAction;
@@ -90,6 +91,23 @@ public final class JavaKeyContextTranslator extends JavaAbstractLibraryTranslato
                                 algo.put(new KeyGeneration(detectionLocation));
                                 return algo;
                             });
+        } else if (value instanceof KeyAction<Tree> keyAction) {
+            return switch (keyAction.getAction()) {
+                case PRIVATE_KEY_GENERATION ->
+                        Optional.of(
+                                new KeyGeneration(
+                                        KeyGeneration.Specification.PRIVATE_KEY,
+                                        detectionLocation));
+                case PUBLIC_KEY_GENERATION ->
+                        Optional.of(
+                                new KeyGeneration(
+                                        KeyGeneration.Specification.PUBLIC_KEY, detectionLocation));
+                case SECRET_KEY_GENERATION ->
+                        Optional.of(
+                                new KeyGeneration(
+                                        KeyGeneration.Specification.SECRET_KEY, detectionLocation));
+                default -> Optional.empty();
+            };
         }
         return Optional.empty();
     }
diff --git a/java/src/test/files/rules/detection/jca/keyfactory/JcaKeyFactoryGenerateTestFile.java b/java/src/test/files/rules/detection/jca/keyfactory/JcaKeyFactoryGenerateTestFile.java
@@ -7,7 +7,7 @@
 public class JcaKeyFactoryGenerateTestFile {
 
     public void test() throws NoSuchAlgorithmException, InvalidKeySpecException {
-        KeyFactory factory = KeyFactory.getInstance("RSA"); // Noncompliant {{(Key) RSA}}
+        KeyFactory factory = KeyFactory.getInstance("RSA"); // Noncompliant {{(PrivateKey) RSA}}
         factory.generatePrivate(new DHPrivateKeySpec(
                 new BigInteger("1"),
                 new BigInteger("10110011011010110001100001001011111111101110010100000111010110100000110000101011000110010111110100011100111000101101100100101111010010000010011101011101001000001000110100100001100101011001100010010110101101011011010101101111100000101010111010010111101111100000011111110111011110100000010101110000100100110100111101001101000001000100101100100000110011110001001010110101100011110111100100001001000011110111000001010111100101001111011011011110001001110011111111000101011011111001011001110111000011001010100011001110"),
diff --git a/java/src/test/files/rules/issues/RSAPrivateKeyDetectionIssueTestFile.java b/java/src/test/files/rules/issues/RSAPrivateKeyDetectionIssueTestFile.java
@@ -0,0 +1,26 @@
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+public class RSAPrivateKeyDetectionIssueTestFile {
+
+    private static PrivateKey readPkcs8PrivateKey(byte[] pkcs8Bytes) throws GeneralSecurityException {
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA"); // Noncompliant {{(PrivateKey) RSA}}
+        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8Bytes);
+        try {
+            return keyFactory.generatePrivate(keySpec);
+        } catch (InvalidKeySpecException e) {
+            throw new IllegalArgumentException("Unexpected key format!", e);
+        }
+    }
+
+}
diff --git a/java/src/test/files/rules/resolve/ResolveCallFromOtherClassTestFile.java b/java/src/test/files/rules/resolve/ResolveCallFromOtherClassTestFile.java
@@ -22,7 +22,7 @@ public static Key generate(String algo, int keySize) {
 public class OtherClass {
     public void callCryptoFunction() {
         int keySize = 4096;
-        Key test = ResolveCallFromOtherClassTestFile.generate("RSA", keySize);  // Noncompliant {{(SecretKey) RSA}}
+        Key test = ResolveCallFromOtherClassTestFile.generate("RSA", keySize);  // Noncompliant {{(Key) RSA}}
     }
 
     public void callCryptoFunction2() {
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaGCMParameterSpecTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaGCMParameterSpecTest.java
@@ -96,7 +96,7 @@ public void asserts(
             assertThat(store_1.getDetectionValueContext()).isInstanceOf(SecretKeyContext.class);
             IValue<Tree> value0_1 = store_1.getDetectionValues().get(0);
             assertThat(value0_1).isInstanceOf(KeyAction.class);
-            assertThat(value0_1.asString()).isEqualTo("GENERATION");
+            assertThat(value0_1.asString()).isEqualTo("SECRET_KEY_GENERATION");
 
             DetectionStore<JavaCheck, Tree, Symbol, JavaFileScannerContext> store_1_1 =
                     getStoreOfValueType(PasswordSize.class, store_1.getChildren());
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaIvParameterSpecTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/algorithmspec/JcaIvParameterSpecTest.java
@@ -29,7 +29,7 @@
 import com.ibm.engine.model.OperationMode;
 import com.ibm.engine.model.context.AlgorithmParameterContext;
 import com.ibm.engine.model.context.CipherContext;
-import com.ibm.engine.model.context.SecretKeyContext;
+import com.ibm.engine.model.context.KeyContext;
 import com.ibm.mapper.model.BlockCipher;
 import com.ibm.mapper.model.BlockSize;
 import com.ibm.mapper.model.INode;
@@ -73,16 +73,15 @@ public void asserts(
              */
 
             assertThat(detectionStore.getDetectionValues()).hasSize(1);
-            assertThat(detectionStore.getDetectionValueContext())
-                    .isInstanceOf(SecretKeyContext.class);
+            assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
             IValue<Tree> value0 = detectionStore.getDetectionValues().get(0);
             assertThat(value0).isInstanceOf(Algorithm.class);
             assertThat(value0.asString()).isEqualTo("AES");
 
             DetectionStore<JavaCheck, Tree, Symbol, JavaFileScannerContext> store_1 =
                     getStoreOfValueType(KeySize.class, detectionStore.getChildren());
             assertThat(store_1.getDetectionValues()).hasSize(1);
-            assertThat(store_1.getDetectionValueContext()).isInstanceOf(SecretKeyContext.class);
+            assertThat(store_1.getDetectionValueContext()).isInstanceOf(KeyContext.class);
             IValue<Tree> value0_1 = store_1.getDetectionValues().get(0);
             assertThat(value0_1).isInstanceOf(KeySize.class);
             assertThat(value0_1.asString()).isEqualTo("256");
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/keyfactory/JcaKeyFactoryGenerateTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/keyfactory/JcaKeyFactoryGenerateTest.java
@@ -51,12 +51,6 @@ void test() {
                 .verifyIssues();
     }
 
-    /**
-     * DEBUG [detectionStore] (KeyContext<>, Algorithm) RSA DEBUG [detectionStore] └─
-     * (PrivateKeyContext, KeyAction) GENERATION DEBUG [detectionStore] └─ (KeyContext<DH>,
-     * KeySize<bit>) 128 DEBUG [translation] (Key) RSA DEBUG [translation] └─ (KeyLength) 128 DEBUG
-     * [translation] └─ (Algorithm) RSA DEBUG [translation] └─ (KeyLength) 2048
-     */
     @Override
     public void asserts(
             int findingId,
@@ -78,7 +72,7 @@ public void asserts(
         assertThat(store.getDetectionValues()).hasSize(1);
         value = store.getDetectionValues().get(0);
         assertThat(value).isInstanceOf(KeyAction.class);
-        assertThat(value.asString()).isEqualTo("GENERATION");
+        assertThat(value.asString()).isEqualTo("PRIVATE_KEY_GENERATION");
 
         store = getStoreOfValueType(KeySize.class, store.getChildren());
         assertThat(store).isNotNull();
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorGetInstanceTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorGetInstanceTest.java
@@ -24,7 +24,7 @@
 import com.ibm.engine.detection.DetectionStore;
 import com.ibm.engine.model.Algorithm;
 import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.context.SecretKeyContext;
+import com.ibm.engine.model.context.KeyContext;
 import com.ibm.mapper.model.BlockCipher;
 import com.ibm.mapper.model.INode;
 import com.ibm.mapper.model.KeyLength;
@@ -50,10 +50,6 @@ void test() {
                 .verifyIssues();
     }
 
-    /**
-     * DEBUG [detectionStore] (SecretKeyContext, Algorithm) AES DEBUG [translation] (SecretKey) AES
-     * DEBUG [translation] └─ (BlockCipher) AES DEBUG [translation] └─ (KeyLength) 128
-     */
     @Override
     public void asserts(
             int findingId,
@@ -64,7 +60,7 @@ public void asserts(
          */
         assertThat(detectionStore.getDetectionValues()).hasSize(1);
         IValue<Tree> value = detectionStore.getDetectionValues().get(0);
-        assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(SecretKeyContext.class);
+        assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
         assertThat(value).isInstanceOf(Algorithm.class);
         assertThat(value.asString()).isEqualTo("AES");
         /*
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorInitParameterSpecTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorInitParameterSpecTest.java
@@ -24,7 +24,7 @@
 import com.ibm.engine.detection.DetectionStore;
 import com.ibm.engine.model.Algorithm;
 import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.context.SecretKeyContext;
+import com.ibm.engine.model.context.KeyContext;
 import com.ibm.mapper.model.BlockCipher;
 import com.ibm.mapper.model.INode;
 import com.ibm.mapper.model.KeyLength;
@@ -60,7 +60,7 @@ public void asserts(
          */
         assertThat(detectionStore.getDetectionValues()).hasSize(1);
         IValue<Tree> value = detectionStore.getDetectionValues().get(0);
-        assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(SecretKeyContext.class);
+        assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(KeyContext.class);
         assertThat(value).isInstanceOf(Algorithm.class);
         assertThat(value.asString()).isEqualTo("DES");
 
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorInitTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/keygenerator/JcaKeyGeneratorInitTest.java
diff --git a/java/src/test/java/com/ibm/plugin/rules/detection/jca/keyspec/JcaDSAPrivateKeySpecTest.java b/java/src/test/java/com/ibm/plugin/rules/detection/jca/keyspec/JcaDSAPrivateKeySpecTest.java
diff --git a/java/src/test/java/com/ibm/plugin/rules/issues/Issue224Test.java b/java/src/test/java/com/ibm/plugin/rules/issues/Issue224Test.java
diff --git a/java/src/test/java/com/ibm/plugin/rules/issues/RSAPrivateKeyDetectionIssueTest.java b/java/src/test/java/com/ibm/plugin/rules/issues/RSAPrivateKeyDetectionIssueTest.java
diff --git a/mapper/src/main/java/com/ibm/mapper/model/functionality/KeyGeneration.java b/mapper/src/main/java/com/ibm/mapper/model/functionality/KeyGeneration.java
diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/UsualPerformActions.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/UsualPerformActions.java
diff --git a/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/KeyReorgenizer.java b/mapper/src/main/java/com/ibm/mapper/reorganizer/rules/KeyReorgenizer.java

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,9 @@`
`24`	`24`	`public class KeyAction<T> extends AbstractValue<T> implements IAction<T> {`
`25`	`25`
`26`	`26`	`public enum Action {`
	`27`	`+ PRIVATE_KEY_GENERATION,`
	`28`	`+ PUBLIC_KEY_GENERATION,`
	`29`	`+ SECRET_KEY_GENERATION,`
`27`	`30`	`GENERATION,`
`28`	`31`	`KDF`
`29`	`32`	`}`