Format the source code and update qldoc

java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.java

@@ -1,7 +1,7 @@
-public void testSetSharedPrefs(Context context, String name, String password) 
+public void testSetSharedPrefs(Context context, String name, String password)
 {
-    {
-        // BAD - save sensitive information in cleartext
+	{
+		// BAD - save sensitive information in cleartext
 		SharedPreferences sharedPrefs = context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
 		Editor editor = sharedPrefs.edit();
 		editor.putString("name", name);
@@ -9,8 +9,8 @@ public void testSetSharedPrefs(Context context, String name, String password)
 		editor.commit();
 	}
 
-    {
-    	// GOOD - save sensitive information in encrypted format
+	{
+		// GOOD - save sensitive information in encrypted format
 		SharedPreferences sharedPrefs = context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
 		Editor editor = sharedPrefs.edit();
 		editor.putString("name", encrypt(name));
@@ -18,20 +18,20 @@ public void testSetSharedPrefs(Context context, String name, String password)
 		editor.commit();
 	}
 
-    {
-    	// GOOD - save sensitive information using the built-in `EncryptedSharedPreferences` class in androidx.
-        MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
-            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-            .build();
+	{
+		// GOOD - save sensitive information using the built-in `EncryptedSharedPreferences` class in androidx.
+		MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
+			.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+			.build();
 
-        SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
-            context,
-            "secret_shared_prefs",
-            masterKey,
-            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
-      
-        SharedPreferences.Editor editor = sharedPreferences.edit();
+		SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
+			context,
+			"secret_shared_prefs",
+			masterKey,
+			EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+			EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
+
+		SharedPreferences.Editor editor = sharedPreferences.edit();
 		editor.putString("name", name);
 		editor.putString("password", password);
 		editor.commit();

java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.qhelp

@@ -18,7 +18,7 @@
     </p>
 
     <p>
-      In the second and third examples, the code encrypts sensitive information before saving to the device.
+      In the second and third examples, the code encrypts sensitive information before saving it to the device.
     </p>
     <sample src="ClearTextStorageSharedPrefs.java" />
   </example>
@@ -33,7 +33,7 @@
       <a href="https://developer.android.com/topic/security/data">Work with data more securely</a>
     </li>
     <li>
-      PRO ANDROID DEV:
+      ProAndroidDev:
       <a href="https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8">Encrypted Preferences in Android</a>
     </li>
   </references>

java/ql/src/Security/CWE/CWE-312/ClearTextStorageSharedPrefs.ql

@@ -1,6 +1,6 @@
 /**
  * @name Cleartext storage of sensitive information using `SharedPreferences` on Android
- * @description Cleartext Storage of Sensitive Information using SharedPreferences on Android allows user with root privileges to access or unexpected exposure from chained vulnerabilities.
+ * @description Cleartext Storage of Sensitive Information using SharedPreferences on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities.
  * @kind problem
  * @id java/android/cleartext-storage-shared-prefs
  * @tags security

java/ql/test/experimental/query-tests/security/CWE-312/ClearTextStorageSharedPrefs.java

@@ -25,30 +25,29 @@ public class ClearTextStorageSharedPrefs extends Activity {
 		editor.commit();
 	}
 
-    private static String encrypt(String cleartext) {
-        //Use an encryption or hashing algorithm in real world. The demo below just returns an arbitrary value.
-        String cipher = "whatever_encrypted";
-        return cipher;
-    }
+	private static String encrypt(String cleartext) {
+		//Use an encryption or hashing algorithm in real world. The demo below just returns an arbitrary value.
+		String cipher = "whatever_encrypted";
+		return cipher;
+	}
 
 	// GOOD - save sensitive information using the built-in `EncryptedSharedPreferences` class in androidx.
 	public void testSetSharedPrefs3(Context context, String name, String password) {
-        MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
-            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-            .build();
+		MasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
+			.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+			.build();
 
-        SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
-            context,
-            "secret_shared_prefs",
-            masterKey,
-            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
-      
-        // Use the shared preferences and editor as you normally would
-        SharedPreferences.Editor editor = sharedPreferences.edit();
+		SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
+			context,
+			"secret_shared_prefs",
+			masterKey,
+			EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+			EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
+
+		// Use the shared preferences and editor as you normally would
+		SharedPreferences.Editor editor = sharedPreferences.edit();
 		editor.putString("name", name);
 		editor.putString("password", password);
 		editor.commit();
 	}
-
-}
+}