CryptoFix: Reproducible Detection and Template Repair of Java Crypto API Misuse on a CryptoAPI-Bench–Compatible Benchmark

Authors

  • Meng-Ju Kuo, Department of Electrical and Computer Engineering, CMU, PA, USA
  • Boning Zhang, Computer Science, Georgetown University, DC, USA
  • Maoxi Li, Business Analytics, Fordham University, NY, USA

DOI:

https://doi.org/10.69987/JACS.2025.51102

Keywords:

cryptographic API misuse, static analysis, secure coding, automated repair, Java, benchmark, CryptoAPI-Bench

Abstract

Incorrect use of cryptographic APIs is a dominant root cause of security failures in production software, including predictable randomness, hard-coded secrets, insecure cipher modes, fixed initialization vectors, and disabled certificate or hostname verification. Prior work has produced detectors and usage-specification languages, yet engineering teams still struggle to combine (i) low false-positive detection and (ii) concrete, actionable repairs. This paper presents CryptoFix, a rule-oriented static checker paired with deterministic repair templates for 16 common Java cryptographic misuse classes. We conduct a full, reproducible experimental evaluation on a benchmark that is compatible with CryptoAPI-Bench’s taxonomy and dataset statistics, totaling 171 compilable Java programs (135 vulnerable and 36 secure) spanning basic and advanced data-flow constructions (interprocedural flow, field sensitivity, multi-class flow, path sensitivity, and combined patterns). We compare CryptoFix against two baselines that represent intraprocedural and path-insensitive whole-file checks. Across all cases, CryptoFix attains micro-Precision/Recall/F1 of 1.00, macro-F1 of 1.00, and a false-positive rate of 0.00. The intraprocedural baseline achieves micro-F1 of 0.77 with 0.56 false-positive rate, while the path-insensitive baseline achieves micro-F1 of 0.92 with 0.64 false-positive rate. We further evaluate automated repairs by applying 16 fix templates to all 135 vulnerable cases. All repairs compile under OpenJDK 17 and eliminate the corresponding misuse pattern, yielding 100% template applicability and 100% post-fix rule satisfaction. The resulting artifacts include raw predictions, per-rule metrics, and repair outcomes to support exact replication.
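The abstract names the misuse classes CryptoFix targets (hard-coded secrets, predictable randomness, insecure cipher modes, fixed initialization vectors) and states that its templates rewrite each into a rule-satisfying form. The following is an added illustration, not code from the paper or from the CryptoFix artifact: the first two methods concentrate those misuse patterns in the way CryptoAPI-Bench-style cases do, and the two methods after them are one plausible hardened form (AES-GCM, a fresh SecureRandom nonce per message, key supplied by the caller). The hardened form is my assumption about what a repaired case looks like; the paper's actual 16 templates are not shown on this page. The main method demonstrates, on constructed input, why the misuse matters: ECB exposes equal plaintext blocks, and a predictable IV makes equal messages produce equal ciphertexts.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Added example (not from the paper): misuse patterns beside an assumed hardened form. */
public class CryptoMisuseBeforeAfter {

    // ---- "Before" (misuse) ---------------------------------------------------
    // Hard-coded secret: a constant key literal in the source.
    private static final byte[] HARDCODED_KEY =
            "0123456789abcdef".getBytes(StandardCharsets.UTF_8);

    // Insecure cipher mode: "AES" alone resolves to AES/ECB/PKCS5Padding in SunJCE.
    static byte[] encryptEcbHardcodedKey(byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(HARDCODED_KEY, "AES"));
        return cipher.doFinal(plaintext);
    }

    // Predictable randomness + effectively fixed IV: a seeded java.util.Random
    // yields the same 16 IV bytes on every call.
    static byte[] encryptCbcPredictableIv(byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        new Random(42L).nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(HARDCODED_KEY, "AES"),
                new IvParameterSpec(iv));
        return cipher.doFinal(plaintext);
    }

    // ---- "After" (assumed hardened form) -------------------------------------
    private static final SecureRandom RNG = new SecureRandom();
    private static final int GCM_NONCE_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;

    // Key is passed in (in production: loaded from a keystore or secret manager),
    // the nonce is fresh per message, and GCM authenticates the ciphertext.
    // Output layout: nonce || ciphertext+tag.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[GCM_NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] decryptGcm(SecretKey key, byte[] blob) throws Exception {
        byte[] nonce = Arrays.copyOfRange(blob, 0, GCM_NONCE_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        // doFinal throws AEADBadTagException if the blob was tampered with.
        return cipher.doFinal(blob, GCM_NONCE_BYTES, blob.length - GCM_NONCE_BYTES);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: one exact 16-byte block, repeated twice.
        byte[] block = "sixteen byte blk".getBytes(StandardCharsets.UTF_8);
        byte[] twoBlocks = new byte[32];
        System.arraycopy(block, 0, twoBlocks, 0, 16);
        System.arraycopy(block, 0, twoBlocks, 16, 16);

        byte[] ecb = encryptEcbHardcodedKey(twoBlocks);
        System.out.println("ECB: equal plaintext blocks give equal ciphertext blocks -> "
                + Arrays.equals(Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32)));

        byte[] c1 = encryptCbcPredictableIv(block);
        byte[] c2 = encryptCbcPredictableIv(block);
        System.out.println("Predictable IV: two encryptions identical -> " + Arrays.equals(c1, c2));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] g1 = encryptGcm(key, block);
        byte[] g2 = encryptGcm(key, block);
        System.out.println("GCM with fresh nonce: two encryptions identical -> " + Arrays.equals(g1, g2));
        System.out.println("GCM round trip ok -> " + Arrays.equals(block, decryptGcm(key, g1)));
    }
}
```

Compiled and run under OpenJDK 17 this prints true, true, false, true: the first two lines are the observable symptoms a detector such as CryptoFix flags statically, and the last two show the properties a repair template must restore (distinct ciphertexts for repeated messages, successful authenticated decryption).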

Published

2025-11-08

How to Cite

Meng-Ju Kuo, Boning Zhang, & Maoxi Li. (2025). CryptoFix: Reproducible Detection and Template Repair of Java Crypto API Misuse on a CryptoAPI-Bench–Compatible Benchmark. Journal of Advanced Computing Systems, 5(11), 16-33. https://doi.org/10.69987/JACS.2025.51102