
Commit 85434ca

committed
Format the source code and update qldoc
1 parent 0bd6255 commit 85434ca

4 files changed

Lines changed: 39 additions & 40 deletions


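--- a/java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.java
+++ b/java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.java
@@ -1,37 +1,37 @@
-public void testSetSharedPrefs(Context context, String name, String password)
+public void testSetSharedPrefs(Context context, String name, String password)
 {
-{
-// BAD - save sensitive information in cleartext
+{
+// BAD - save sensitive information in cleartext
 SharedPreferences sharedPrefs = context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
 Editor editor = sharedPrefs.edit();
 editor.putString("name", name);
 editor.putString("password", password);
 editor.commit();
 }
 
-{
-// GOOD - save sensitive information in encrypted format
+{
+// GOOD - save sensitive information in encrypted format
 SharedPreferences sharedPrefs = context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
 Editor editor = sharedPrefs.edit();
 editor.putString("name", encrypt(name));
 editor.putString("password", encrypt(password));
 editor.commit();
 }
 
-{
-// GOOD - save sensitive information using the built-in `EncryptedSharedPreferences` class in androidx.
-MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
-.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-.build();
+{
+// GOOD - save sensitive information using the built-in `EncryptedSharedPreferences` class in androidx.
+MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
+.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+.build();
 
-SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
-context,
-"secret_shared_prefs",
-masterKey,
-EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
-
-SharedPreferences.Editor editor = sharedPreferences.edit();
+SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
+context,
+"secret_shared_prefs",
+masterKey,
+EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
+
+SharedPreferences.Editor editor = sharedPreferences.edit();
 editor.putString("name", name);
 editor.putString("password", password);
 editor.commit();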
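Review bot: The third block (new lines 23-32) calls `MasterKey.Builder.build()` and `EncryptedSharedPreferences.create(...)`, which in androidx.security.crypto declare `GeneralSecurityException` and `IOException`, yet the signature on line 1 has no `throws` clause and no handler is visible, so the sample would not compile if copied as is. Either extend the signature with `throws GeneralSecurityException, IOException`, or wrap the block in a try/catch carrying a comment such as `// On failure, report the error; do not fall back to the unencrypted "user_prefs" file`. The block opened on line 21 and the method body are not closed inside the hunk, so the remainder may sit outside it.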

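--- a/java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.qhelp
+++ b/java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.qhelp
@@ -18,7 +18,7 @@
 </p>
 
 <p>
-In the second and third examples, the code encrypts sensitive information before saving to the device.
+In the second and third examples, the code encrypts sensitive information before saving it to the device.
 </p>
 <sample src="ClearTextStorageSharedPrefs.java" />
 </example>
@@ -33,7 +33,7 @@
 <a href="https://developer.android.com/topic/security/data">Work with data more securely</a>
 </li>
 <li>
-PRO ANDROID DEV:
+ProAndroidDev:
 <a href="https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8">Encrypted Preferences in Android</a>
 </li>
 </references>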

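--- a/java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.ql
+++ b/java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.ql
@@ -1,6 +1,6 @@
 /**
 * @name Cleartext storage of sensitive information using `SharedPreferences` on Android
-* @description Cleartext Storage of Sensitive Information using SharedPreferences on Android allows user with root privileges to access or unexpected exposure from chained vulnerabilities.
+* @description Cleartext Storage of Sensitive Information using SharedPreferences on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities.
 * @kind problem
 * @id java/android/cleartext-storage-shared-prefs
 * @tags security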
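Review bot: The reworded `@description` on line 3 still reads awkwardly, because "allows access for users with root privileges or unexpected exposure" joins two objects that do not fit the same verb. It also keeps title case ("Storage of Sensitive Information") and an unquoted SharedPreferences, while the `@name` line above it uses sentence case and backticks. A possible wording is ``* @description Storing sensitive information in cleartext using `SharedPreferences` on Android allows users with root privileges to read it and can lead to unexpected exposure through chained vulnerabilities.`` The metadata comment continues past the end of the hunk.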

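--- a/java/ql/test/experimental/query-tests/security/CWE-312/ClearTextStorageSharedPrefs.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-312/ClearTextStorageSharedPrefs.java
@@ -25,30 +25,29 @@ public void testSetSharedPrefs2(Context context, String name, String password) {
 editor.commit();
 }
 
-private static String encrypt(String cleartext) {
-//Use an encryption or hashing algorithm in real world. The demo below just returns an arbitrary value.
-String cipher = "whatever_encrypted";
-return cipher;
-}
+private static String encrypt(String cleartext) {
+//Use an encryption or hashing algorithm in real world. The demo below just returns an arbitrary value.
+String cipher = "whatever_encrypted";
+return cipher;
+}
 
 // GOOD - save sensitive information using the built-in `EncryptedSharedPreferences` class in androidx.
 public void testSetSharedPrefs3(Context context, String name, String password) {
-MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
-.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-.build();
+MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
+.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+.build();
+
+SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
+context,
+"secret_shared_prefs",
+masterKey,
+EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
 
-SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
-context,
-"secret_shared_prefs",
-masterKey,
-EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
-
-// Use the shared preferences and editor as you normally would
-SharedPreferences.Editor editor = sharedPreferences.edit();
+// Use the shared preferences and editor as you normally would
+SharedPreferences.Editor editor = sharedPreferences.edit();
 editor.putString("name", name);
 editor.putString("password", password);
 editor.commit();
 }
-
-}
+}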
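Review bot: The comment on the `encrypt` stub (new line 29) recommends "an encryption or hashing algorithm" without saying where the key should come from or that a bare digest is not suitable for a stored password. Presumably this is the helper `testSetSharedPrefs2` relies on to count as a GOOD case, though its body starts outside the hunk. I would reword the comment to `// Placeholder only: real code should encrypt with a key held in the Android Keystore; a bare hash or a key embedded in the app does not protect the stored password.` The stub also ignores its `cleartext` argument, which is fine for a query test but worth stating in the same comment.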
