File tree Expand file tree Collapse file tree
src/experimental/Security/CWE/CWE-312
test/experimental/query-tests/security/CWE-312 Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11/**
22 * @name Cleartext storage of sensitive information using `SharedPreferences` on Android
33 * @description Cleartext Storage of Sensitive Information using SharedPreferences on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities.
4- * @kind path- problem
4+ * @kind problem
55 * @id java/android/cleartext-storage-shared-prefs
66 * @tags security
77 * external/cwe/cwe-312
@@ -14,7 +14,6 @@ import semmle.code.java.dataflow.TaintTracking
1414import semmle.code.java.frameworks.android.Intent
1515import semmle.code.java.frameworks.android.SharedPreferences
1616import semmle.code.java.security.SensitiveActions
17- import DataFlow:: PathGraph
1817
1918/** Holds if the method call is a setter method of `SharedPreferences`. */
2019private predicate sharedPreferencesInput ( DataFlow:: Node sharedPrefs , Expr input ) {
Original file line number Diff line number Diff line change 1- edges
2- | CleartextStorageSharedPrefs.java:16:19:16:36 | edit(...) : Editor | CleartextStorageSharedPrefs.java:17:3:17:8 | editor |
3- | CleartextStorageSharedPrefs.java:16:19:16:36 | edit(...) : Editor | CleartextStorageSharedPrefs.java:18:3:18:8 | editor |
4- | CleartextStorageSharedPrefs.java:16:19:16:36 | edit(...) : Editor | CleartextStorageSharedPrefs.java:19:3:19:8 | editor |
5- | CleartextStorageSharedPrefs.java:25:19:25:36 | edit(...) : Editor | CleartextStorageSharedPrefs.java:28:3:28:8 | editor |
6- | CleartextStorageSharedPrefs.java:44:19:44:36 | edit(...) : Editor | CleartextStorageSharedPrefs.java:47:3:47:8 | editor |
7- nodes
8- | CleartextStorageSharedPrefs.java:16:19:16:36 | edit(...) : Editor | semmle.label | edit(...) : Editor |
9- | CleartextStorageSharedPrefs.java:17:3:17:8 | editor | semmle.label | editor |
10- | CleartextStorageSharedPrefs.java:18:3:18:8 | editor | semmle.label | editor |
11- | CleartextStorageSharedPrefs.java:18:32:18:39 | password | semmle.label | password |
12- | CleartextStorageSharedPrefs.java:19:3:19:8 | editor | semmle.label | editor |
13- | CleartextStorageSharedPrefs.java:25:19:25:36 | edit(...) : Editor | semmle.label | edit(...) : Editor |
14- | CleartextStorageSharedPrefs.java:28:3:28:8 | editor | semmle.label | editor |
15- | CleartextStorageSharedPrefs.java:44:19:44:36 | edit(...) : Editor | semmle.label | edit(...) : Editor |
16- | CleartextStorageSharedPrefs.java:46:32:46:42 | encPassword | semmle.label | encPassword |
17- | CleartextStorageSharedPrefs.java:47:3:47:8 | editor | semmle.label | editor |
18- | CleartextStorageSharedPrefs.java:67:32:67:39 | password | semmle.label | password |
19- | CleartextStorageSharedPrefs.java:87:32:87:39 | password | semmle.label | password |
20- | CleartextStorageSharedPrefs.java:105:27:105:34 | password | semmle.label | password |
21- #select
221| CleartextStorageSharedPrefs.java:19:3:19:17 | commit(...) | 'SharedPreferences' class $@ containing $@ is stored here. Data was added $@. | CleartextStorageSharedPrefs.java:16:19:16:36 | edit(...) | edit(...) | CleartextStorageSharedPrefs.java:18:32:18:39 | password | sensitive data | CleartextStorageSharedPrefs.java:18:32:18:39 | password | here |
You can’t perform that action at this time.
0 commit comments