Java: Inline expectation should have space after $
This was a regex find-and-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
@@ -11,24 +11,24 @@ public class TaintedEnvironment {
|
||||
String s = (String) source();
|
||||
ProcessBuilder pb = new ProcessBuilder();
|
||||
|
||||
pb.environment().put("foo", s); // $hasTaintFlow
|
||||
pb.environment().put("foo", s); // $ hasTaintFlow
|
||||
|
||||
pb.environment().put(s, "foo"); // $hasTaintFlow
|
||||
pb.environment().put(s, "foo"); // $ hasTaintFlow
|
||||
|
||||
Map<String, String> extra = Map.of("USER", s);
|
||||
|
||||
pb.environment().putAll(extra); // $hasTaintFlow
|
||||
pb.environment().putAll(extra); // $ hasTaintFlow
|
||||
|
||||
pb.environment().putIfAbsent("foo", s); // $hasTaintFlow
|
||||
pb.environment().putIfAbsent(s, "foo"); // $hasTaintFlow
|
||||
pb.environment().putIfAbsent("foo", s); // $ hasTaintFlow
|
||||
pb.environment().putIfAbsent(s, "foo"); // $ hasTaintFlow
|
||||
|
||||
pb.environment().replace("foo", s); // $hasTaintFlow
|
||||
pb.environment().replace(s, "foo"); // $hasTaintFlow
|
||||
pb.environment().replace("foo", "bar", s); // $hasTaintFlow
|
||||
pb.environment().replace("foo", s); // $ hasTaintFlow
|
||||
pb.environment().replace(s, "foo"); // $ hasTaintFlow
|
||||
pb.environment().replace("foo", "bar", s); // $ hasTaintFlow
|
||||
|
||||
Map<String, String> env = pb.environment();
|
||||
|
||||
env.put("foo", s); // $hasTaintFlow
|
||||
env.put("foo", s); // $ hasTaintFlow
|
||||
|
||||
pb.start();
|
||||
}
|
||||
@@ -36,6 +36,6 @@ public class TaintedEnvironment {
|
||||
public void exec() throws java.io.IOException {
|
||||
String kv = (String) source();
|
||||
|
||||
Runtime.getRuntime().exec(new String[] { "ls" }, new String[] { kv }); // $hasTaintFlow
|
||||
Runtime.getRuntime().exec(new String[] { "ls" }, new String[] { kv }); // $ hasTaintFlow
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,14 +21,14 @@ class SensitiveCookieNotHttpOnly {
|
||||
|
||||
// BAD - Tests adding a sensitive cookie without the `HttpOnly` flag set.
|
||||
public void addCookie2(String jwt_token, String userId, HttpServletRequest request, HttpServletResponse response) {
|
||||
String tokenCookieStr = "jwt_token"; // $Source
|
||||
String tokenCookieStr = "jwt_token"; // $ Source
|
||||
Cookie jwtCookie = new Cookie(tokenCookieStr, jwt_token);
|
||||
Cookie userIdCookie = new Cookie("user_id", userId);
|
||||
jwtCookie.setPath("/");
|
||||
userIdCookie.setPath("/");
|
||||
jwtCookie.setMaxAge(3600*24*7);
|
||||
userIdCookie.setMaxAge(3600*24*7);
|
||||
response.addCookie(jwtCookie); // $Alert
|
||||
response.addCookie(jwtCookie); // $ Alert
|
||||
response.addCookie(userIdCookie);
|
||||
}
|
||||
|
||||
@@ -39,9 +39,9 @@ class SensitiveCookieNotHttpOnly {
|
||||
|
||||
// BAD - Tests set a sensitive cookie header without the `HttpOnly` flag set.
|
||||
public void addCookie4(String authId, HttpServletRequest request, HttpServletResponse response) {
|
||||
response.addHeader("Set-Cookie", "token=" +authId + ";Secure"); // $Alert
|
||||
response.addHeader("Set-Cookie", "token=" +authId + ";Secure"); // $ Alert
|
||||
}
|
||||
|
||||
|
||||
// GOOD - Tests set a sensitive cookie header using the class `javax.ws.rs.core.Cookie` with the `HttpOnly` flag set through string concatenation.
|
||||
public void addCookie5(String accessKey, HttpServletRequest request, HttpServletResponse response) {
|
||||
response.setHeader("Set-Cookie", new NewCookie("session-access-key", accessKey, "/", null, null, 0, true) + ";HttpOnly");
|
||||
@@ -49,7 +49,7 @@ class SensitiveCookieNotHttpOnly {
|
||||
|
||||
// BAD - Tests set a sensitive cookie header using the class `javax.ws.rs.core.Cookie` without the `HttpOnly` flag set.
|
||||
public void addCookie6(String accessKey, HttpServletRequest request, HttpServletResponse response) {
|
||||
response.setHeader("Set-Cookie", new NewCookie("session-access-key", accessKey, "/", null, null, 0, true).toString()); // $Alert
|
||||
response.setHeader("Set-Cookie", new NewCookie("session-access-key", accessKey, "/", null, null, 0, true).toString()); // $ Alert
|
||||
}
|
||||
|
||||
// GOOD - Tests set a sensitive cookie header using the class `javax.ws.rs.core.Cookie` with the `HttpOnly` flag set through the constructor.
|
||||
@@ -60,15 +60,15 @@ class SensitiveCookieNotHttpOnly {
|
||||
|
||||
// BAD - Tests set a sensitive cookie header using the class `javax.ws.rs.core.Cookie` without the `HttpOnly` flag set.
|
||||
public void addCookie8(String accessKey, HttpServletRequest request, HttpServletResponse response) {
|
||||
NewCookie accessKeyCookie = new NewCookie("session-access-key", accessKey, "/", null, 0, null, 86400, true); // $Source
|
||||
NewCookie accessKeyCookie = new NewCookie("session-access-key", accessKey, "/", null, 0, null, 86400, true); // $ Source
|
||||
String keyStr = accessKeyCookie.toString();
|
||||
response.setHeader("Set-Cookie", keyStr); // $Alert
|
||||
response.setHeader("Set-Cookie", keyStr); // $ Alert
|
||||
}
|
||||
|
||||
// BAD - Tests set a sensitive cookie header using a variable without the `HttpOnly` flag set.
|
||||
public void addCookie9(String authId, HttpServletRequest request, HttpServletResponse response) {
|
||||
String secString = "token=" +authId + ";Secure"; // $Source
|
||||
response.addHeader("Set-Cookie", secString); // $Alert
|
||||
String secString = "token=" +authId + ";Secure"; // $ Source
|
||||
response.addHeader("Set-Cookie", secString); // $ Alert
|
||||
}
|
||||
|
||||
// GOOD - Tests set a sensitive cookie header with the `HttpOnly` flag set using `String.format(...)`.
|
||||
@@ -85,7 +85,7 @@ class SensitiveCookieNotHttpOnly {
|
||||
}
|
||||
|
||||
public Cookie createAuthenticationCookie(HttpServletRequest request, String jwt) {
|
||||
String PRESTO_UI_COOKIE = "Presto-UI-Token"; // $Source
|
||||
String PRESTO_UI_COOKIE = "Presto-UI-Token"; // $ Source
|
||||
Cookie cookie = new Cookie(PRESTO_UI_COOKIE, jwt);
|
||||
cookie.setPath("/ui");
|
||||
return cookie;
|
||||
@@ -108,7 +108,7 @@ class SensitiveCookieNotHttpOnly {
|
||||
// BAD - Tests set a sensitive cookie header without the `HttpOnly` flag set using a wrapper method.
|
||||
public void addCookie12(HttpServletRequest request, HttpServletResponse response, String jwt) {
|
||||
Cookie cookie = createAuthenticationCookie(request, jwt);
|
||||
response.addCookie(cookie); // $Alert
|
||||
response.addCookie(cookie); // $ Alert
|
||||
}
|
||||
|
||||
// GOOD - Tests remove a sensitive cookie header without the `HttpOnly` flag set using a wrapper method.
|
||||
@@ -141,14 +141,14 @@ class SensitiveCookieNotHttpOnly {
|
||||
// This example is missed because the `cookie.setHttpOnly` call in `createCookie` is thought to maybe set the HTTP-only flag, and the `cookie`
|
||||
// object flows to this `addCookie` call.
|
||||
public void addCookie15(HttpServletRequest request, HttpServletResponse response, String refreshToken) {
|
||||
response.addCookie(createCookie("refresh_token", refreshToken, false)); // $MISSING:Alert
|
||||
response.addCookie(createCookie("refresh_token", refreshToken, false)); // $ MISSING:Alert
|
||||
}
|
||||
|
||||
// GOOD - CSRF token doesn't need to have the `HttpOnly` flag set.
|
||||
public void addCsrfCookie(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
// Spring put the CSRF token in session attribute "_csrf"
|
||||
CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");
|
||||
|
||||
|
||||
// Send the cookie only if the token has changed
|
||||
String actualToken = request.getHeader("X-CSRF-TOKEN");
|
||||
if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
|
||||
|
||||
@@ -10,33 +10,33 @@ public class StaticInitializationVector {
|
||||
|
||||
// BAD: AES-GCM with static IV from a byte array
|
||||
public byte[] encryptWithStaticIvByteArrayWithInitializer(byte[] key, byte[] plaintext) throws Exception {
|
||||
byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $Source
|
||||
byte[] iv = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 }; // $ Source
|
||||
|
||||
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $ Alert
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
|
||||
// BAD: AES-GCM with static IV from zero-initialized byte array
|
||||
public byte[] encryptWithZeroStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
|
||||
byte[] iv = new byte[16]; // $Source
|
||||
byte[] iv = new byte[16]; // $ Source
|
||||
|
||||
GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $ Alert
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
|
||||
// BAD: AES-CBC with static IV from zero-initialized byte array
|
||||
public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
|
||||
byte[] iv = new byte[16]; // $Source
|
||||
byte[] iv = new byte[16]; // $ Source
|
||||
for (byte i = 0; i < iv.length; i++) {
|
||||
iv[i] = 1;
|
||||
}
|
||||
@@ -45,7 +45,7 @@ public class StaticInitializationVector {
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $ Alert
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
@@ -55,13 +55,13 @@ public class StaticInitializationVector {
|
||||
byte[][] staticIvs = new byte[][] {
|
||||
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 },
|
||||
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 }
|
||||
}; // $Source
|
||||
}; // $ Source
|
||||
|
||||
GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]);
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $ Alert
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
@@ -71,13 +71,13 @@ public class StaticInitializationVector {
|
||||
byte[][] staticIvs = new byte[][] {
|
||||
new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 },
|
||||
new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 }
|
||||
}; // $Source
|
||||
}; // $ Source
|
||||
|
||||
GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]);
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $ Alert
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
@@ -85,15 +85,15 @@ public class StaticInitializationVector {
|
||||
// BAD: AES-GCM with static IV from a multidimensional byte array
|
||||
public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception {
|
||||
byte[][] ivs = new byte[][] {
|
||||
new byte[8], // $Source
|
||||
new byte[16] // $Source
|
||||
new byte[8], // $ Source
|
||||
new byte[16] // $ Source
|
||||
};
|
||||
|
||||
GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]);
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $ Alert
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
@@ -165,8 +165,8 @@ public class StaticInitializationVector {
|
||||
return cipher.doFinal();
|
||||
}
|
||||
|
||||
public byte[] generate(int size) throws Exception {
|
||||
if (size == 0) {
|
||||
public byte[] generate(int size) throws Exception {
|
||||
if (size == 0) {
|
||||
return new byte[0];
|
||||
}
|
||||
byte[] randomBytes = new byte[size];
|
||||
@@ -182,7 +182,7 @@ public class StaticInitializationVector {
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
|
||||
cipher.update(plaintext);
|
||||
return cipher.doFinal();
|
||||
}
|
||||
|
||||
@@ -8,122 +8,122 @@ import android.widget.RemoteViews;
|
||||
class Test extends Activity {
|
||||
void test(String password) {
|
||||
Notification.Builder builder = new Notification.Builder(this, "");
|
||||
builder.setContentText(password); // $sensitive-notification
|
||||
builder.setContentTitle(password); // $sensitive-notification
|
||||
builder.setContentInfo(password); // $sensitive-notification
|
||||
builder.setContentText(password); // $ sensitive-notification
|
||||
builder.setContentTitle(password); // $ sensitive-notification
|
||||
builder.setContentInfo(password); // $ sensitive-notification
|
||||
|
||||
Intent intent = new Intent();
|
||||
intent.putExtra("a", password);
|
||||
|
||||
builder.addExtras(intent.getExtras()); // $sensitive-notification
|
||||
builder.setCategory(password); // $sensitive-notification
|
||||
builder.setChannelId(password); // $sensitive-notification
|
||||
builder.setGroup(password); // $sensitive-notification
|
||||
builder.setExtras(intent.getExtras()); // $sensitive-notification
|
||||
builder.setGroup(password); // $sensitive-notification
|
||||
builder.setSortKey(password); // $sensitive-notification
|
||||
builder.setSettingsText(password); // $sensitive-notification
|
||||
builder.setRemoteInputHistory(new CharSequence[] { password }); // $sensitive-notification
|
||||
builder.setTicker(password); // $sensitive-notification
|
||||
builder.setTicker(password, null); // $sensitive-notification
|
||||
builder.addExtras(intent.getExtras()); // $ sensitive-notification
|
||||
builder.setCategory(password); // $ sensitive-notification
|
||||
builder.setChannelId(password); // $ sensitive-notification
|
||||
builder.setGroup(password); // $ sensitive-notification
|
||||
builder.setExtras(intent.getExtras()); // $ sensitive-notification
|
||||
builder.setGroup(password); // $ sensitive-notification
|
||||
builder.setSortKey(password); // $ sensitive-notification
|
||||
builder.setSettingsText(password); // $ sensitive-notification
|
||||
builder.setRemoteInputHistory(new CharSequence[] { password }); // $ sensitive-notification
|
||||
builder.setTicker(password); // $ sensitive-notification
|
||||
builder.setTicker(password, null); // $ sensitive-notification
|
||||
|
||||
builder.setStyle(new Notification.BigPictureStyle()
|
||||
.setContentDescription(password) // $sensitive-notification
|
||||
.setSummaryText(password) // $sensitive-notification
|
||||
.setBigContentTitle(password)); // $sensitive-notification
|
||||
.setContentDescription(password) // $ sensitive-notification
|
||||
.setSummaryText(password) // $ sensitive-notification
|
||||
.setBigContentTitle(password)); // $ sensitive-notification
|
||||
builder.setStyle(new Notification.BigTextStyle()
|
||||
.bigText(password) // $sensitive-notification
|
||||
.setSummaryText(password) // $sensitive-notification
|
||||
.setBigContentTitle(password)); // $sensitive-notification
|
||||
.bigText(password) // $ sensitive-notification
|
||||
.setSummaryText(password) // $ sensitive-notification
|
||||
.setBigContentTitle(password)); // $ sensitive-notification
|
||||
builder.setStyle(new Notification.InboxStyle()
|
||||
.addLine(password) // $sensitive-notification
|
||||
.setBigContentTitle(password) // $sensitive-notification
|
||||
.setSummaryText(password)); // $sensitive-notification
|
||||
.addLine(password) // $ sensitive-notification
|
||||
.setBigContentTitle(password) // $ sensitive-notification
|
||||
.setSummaryText(password)); // $ sensitive-notification
|
||||
builder.setStyle(new Notification.MediaStyle()
|
||||
.setRemotePlaybackInfo(password, 0, null)); // $sensitive-notification
|
||||
builder.setStyle(
|
||||
new Notification.MessagingStyle(password) // $sensitive-notification
|
||||
.setConversationTitle(password) // $sensitive-notification
|
||||
.addMessage(password, 0, "") // $sensitive-notification
|
||||
.addMessage(password, 0, (android.app.Person)null) // $sensitive-notification
|
||||
.addMessage("", 0, password) // $sensitive-notification
|
||||
.addMessage(new Notification.MessagingStyle.Message(password, 0, "")) // $sensitive-notification
|
||||
.addMessage(new Notification.MessagingStyle.Message(password, 0, (android.app.Person)null)) // $sensitive-notification
|
||||
.addMessage(new Notification.MessagingStyle.Message("", 0, password)) // $sensitive-notification
|
||||
.setRemotePlaybackInfo(password, 0, null)); // $ sensitive-notification
|
||||
builder.setStyle(
|
||||
new Notification.MessagingStyle(password) // $ sensitive-notification
|
||||
.setConversationTitle(password) // $ sensitive-notification
|
||||
.addMessage(password, 0, "") // $ sensitive-notification
|
||||
.addMessage(password, 0, (android.app.Person)null) // $ sensitive-notification
|
||||
.addMessage("", 0, password) // $ sensitive-notification
|
||||
.addMessage(new Notification.MessagingStyle.Message(password, 0, "")) // $ sensitive-notification
|
||||
.addMessage(new Notification.MessagingStyle.Message(password, 0, (android.app.Person)null)) // $ sensitive-notification
|
||||
.addMessage(new Notification.MessagingStyle.Message("", 0, password)) // $ sensitive-notification
|
||||
);
|
||||
|
||||
builder.addAction(0, password, null); // $sensitive-notification
|
||||
builder.addAction(new Notification.Action(0, password, null)); // $sensitive-notification
|
||||
builder.addAction(new Notification.Action.Builder(0, password, null) // $sensitive-notification
|
||||
.addExtras(intent.getExtras()) // $sensitive-notification
|
||||
builder.addAction(0, password, null); // $ sensitive-notification
|
||||
builder.addAction(new Notification.Action(0, password, null)); // $ sensitive-notification
|
||||
builder.addAction(new Notification.Action.Builder(0, password, null) // $ sensitive-notification
|
||||
.addExtras(intent.getExtras()) // $ sensitive-notification
|
||||
.build());
|
||||
builder.addAction(new Notification.Action.Builder(null, password, null).build()); // $sensitive-notification
|
||||
builder.addAction(new Notification.Action.Builder(null, password, null).build()); // $ sensitive-notification
|
||||
|
||||
builder.setStyle(Notification.CallStyle.forScreeningCall(null, null, null)
|
||||
.setVerificationText(password)); // $sensitive-notification
|
||||
builder.setStyle(Notification.CallStyle.forScreeningCall(null, null, null)
|
||||
.setVerificationText(password)); // $ sensitive-notification
|
||||
}
|
||||
|
||||
void test2(RemoteViews passwordView) {
|
||||
Notification.Builder builder = new Notification.Builder(this, "");
|
||||
builder.setContent(passwordView); // $sensitive-notification
|
||||
builder.setCustomBigContentView(passwordView); // $sensitive-notification
|
||||
builder.setCustomContentView(passwordView); // $sensitive-notification
|
||||
builder.setCustomHeadsUpContentView(passwordView); // $sensitive-notification
|
||||
builder.setTicker("", passwordView); // $sensitive-notification
|
||||
builder.setContent(passwordView); // $ sensitive-notification
|
||||
builder.setCustomBigContentView(passwordView); // $ sensitive-notification
|
||||
builder.setCustomContentView(passwordView); // $ sensitive-notification
|
||||
builder.setCustomHeadsUpContentView(passwordView); // $ sensitive-notification
|
||||
builder.setTicker("", passwordView); // $ sensitive-notification
|
||||
}
|
||||
|
||||
void test3(String password) {
|
||||
NotificationCompat.Builder builder = new NotificationCompat.Builder(this, "");
|
||||
builder.setContentText(password); // $sensitive-notification
|
||||
builder.setContentTitle(password); // $sensitive-notification
|
||||
builder.setContentInfo(password); // $sensitive-notification
|
||||
builder.setContentText(password); // $ sensitive-notification
|
||||
builder.setContentTitle(password); // $ sensitive-notification
|
||||
builder.setContentInfo(password); // $ sensitive-notification
|
||||
|
||||
Intent intent = new Intent();
|
||||
intent.putExtra("a", password);
|
||||
|
||||
builder.addExtras(intent.getExtras()); // $sensitive-notification
|
||||
builder.setCategory(password); // $sensitive-notification
|
||||
builder.setChannelId(password); // $sensitive-notification
|
||||
builder.setGroup(password); // $sensitive-notification
|
||||
builder.setExtras(intent.getExtras()); // $sensitive-notification
|
||||
builder.setGroup(password); // $sensitive-notification
|
||||
builder.setSortKey(password); // $sensitive-notification
|
||||
builder.setSettingsText(password); // $sensitive-notification
|
||||
builder.setRemoteInputHistory(new CharSequence[] { password }); // $sensitive-notification
|
||||
builder.setTicker(password); // $sensitive-notification
|
||||
builder.setTicker(password, null); // $sensitive-notification
|
||||
builder.addExtras(intent.getExtras()); // $ sensitive-notification
|
||||
builder.setCategory(password); // $ sensitive-notification
|
||||
builder.setChannelId(password); // $ sensitive-notification
|
||||
builder.setGroup(password); // $ sensitive-notification
|
||||
builder.setExtras(intent.getExtras()); // $ sensitive-notification
|
||||
builder.setGroup(password); // $ sensitive-notification
|
||||
builder.setSortKey(password); // $ sensitive-notification
|
||||
builder.setSettingsText(password); // $ sensitive-notification
|
||||
builder.setRemoteInputHistory(new CharSequence[] { password }); // $ sensitive-notification
|
||||
builder.setTicker(password); // $ sensitive-notification
|
||||
builder.setTicker(password, null); // $ sensitive-notification
|
||||
|
||||
builder.setStyle(new NotificationCompat.BigPictureStyle()
|
||||
.setContentDescription(password) // $sensitive-notification
|
||||
.setSummaryText(password) // $sensitive-notification
|
||||
.setBigContentTitle(password)); // $sensitive-notification
|
||||
.setContentDescription(password) // $ sensitive-notification
|
||||
.setSummaryText(password) // $ sensitive-notification
|
||||
.setBigContentTitle(password)); // $ sensitive-notification
|
||||
builder.setStyle(new NotificationCompat.BigTextStyle()
|
||||
.bigText(password) // $sensitive-notification
|
||||
.setSummaryText(password) // $sensitive-notification
|
||||
.setBigContentTitle(password)); // $sensitive-notification
|
||||
.bigText(password) // $ sensitive-notification
|
||||
.setSummaryText(password) // $ sensitive-notification
|
||||
.setBigContentTitle(password)); // $ sensitive-notification
|
||||
builder.setStyle(new NotificationCompat.InboxStyle()
|
||||
.addLine(password) // $sensitive-notification
|
||||
.setBigContentTitle(password) // $sensitive-notification
|
||||
.setSummaryText(password)); // $sensitive-notification
|
||||
builder.setStyle(
|
||||
new NotificationCompat.MessagingStyle(password) // $sensitive-notification
|
||||
.setConversationTitle(password) // $sensitive-notification
|
||||
.addMessage(password, 0, "") // $sensitive-notification
|
||||
.addMessage(password, 0, (androidx.core.app.Person)null) // $sensitive-notification
|
||||
.addMessage("", 0, password) // $sensitive-notification
|
||||
.addMessage(new NotificationCompat.MessagingStyle.Message(password, 0, "")) // $sensitive-notification
|
||||
.addMessage(new NotificationCompat.MessagingStyle.Message(password, 0, (androidx.core.app.Person)null)) // $sensitive-notification
|
||||
.addMessage(new NotificationCompat.MessagingStyle.Message("", 0, password)) // $sensitive-notification
|
||||
.addLine(password) // $ sensitive-notification
|
||||
.setBigContentTitle(password) // $ sensitive-notification
|
||||
.setSummaryText(password)); // $ sensitive-notification
|
||||
builder.setStyle(
|
||||
new NotificationCompat.MessagingStyle(password) // $ sensitive-notification
|
||||
.setConversationTitle(password) // $ sensitive-notification
|
||||
.addMessage(password, 0, "") // $ sensitive-notification
|
||||
.addMessage(password, 0, (androidx.core.app.Person)null) // $ sensitive-notification
|
||||
.addMessage("", 0, password) // $ sensitive-notification
|
||||
.addMessage(new NotificationCompat.MessagingStyle.Message(password, 0, "")) // $ sensitive-notification
|
||||
.addMessage(new NotificationCompat.MessagingStyle.Message(password, 0, (androidx.core.app.Person)null)) // $ sensitive-notification
|
||||
.addMessage(new NotificationCompat.MessagingStyle.Message("", 0, password)) // $ sensitive-notification
|
||||
);
|
||||
|
||||
builder.addAction(0, password, null); // $sensitive-notification
|
||||
builder.addAction(new NotificationCompat.Action(0, password, null)); // $sensitive-notification
|
||||
builder.addAction(new NotificationCompat.Action.Builder(0, password, null) // $sensitive-notification
|
||||
.addExtras(intent.getExtras()) // $sensitive-notification
|
||||
builder.addAction(0, password, null); // $ sensitive-notification
|
||||
builder.addAction(new NotificationCompat.Action(0, password, null)); // $ sensitive-notification
|
||||
builder.addAction(new NotificationCompat.Action.Builder(0, password, null) // $ sensitive-notification
|
||||
.addExtras(intent.getExtras()) // $ sensitive-notification
|
||||
.build());
|
||||
builder.addAction(new NotificationCompat.Action.Builder(null, password, null).build()); // $sensitive-notification
|
||||
builder.addAction(new NotificationCompat.Action.Builder(null, password, null).build()); // $ sensitive-notification
|
||||
|
||||
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, null, null)
|
||||
.setVerificationText(password)); // $sensitive-notification
|
||||
.setVerificationText(password)); // $ sensitive-notification
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,11 +11,11 @@ class Test extends Activity {
|
||||
void test(String password) {
|
||||
EditText test1 = findViewById(R.id.test1);
|
||||
// BAD: Exposing sensitive data to text view
|
||||
test1.setText(password); // $sensitive-text
|
||||
test1.setHint(password); // $sensitive-text
|
||||
test1.append(password); // $sensitive-text
|
||||
test1.setText(password); // $ sensitive-text
|
||||
test1.setHint(password); // $ sensitive-text
|
||||
test1.append(password); // $ sensitive-text
|
||||
// GOOD: resource constant is not sensitive info
|
||||
test1.setText(R.string.password_prompt);
|
||||
test1.setText(R.string.password_prompt);
|
||||
|
||||
// GOOD: Visibility is dynamically set
|
||||
TextView test2 = findViewById(R.id.test2);
|
||||
@@ -47,7 +47,7 @@ class Test extends Activity {
|
||||
|
||||
// BAD: Input type set to textVisiblePassword in XML, which is not hidden
|
||||
EditText test9 = findViewById(R.id.test9);
|
||||
test9.setText(password); // $sensitive-text
|
||||
test9.setText(password); // $ sensitive-text
|
||||
|
||||
// GOOD: Visibility set to invisible in XML
|
||||
EditText test10 = findViewById(R.id.test10);
|
||||
@@ -74,4 +74,4 @@ class Test extends Activity {
|
||||
// GOOD: Input type set to textPassword in XML
|
||||
test14.setText(password);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,9 +6,9 @@ import javax.crypto.KeyGenerator;
|
||||
class Test {
|
||||
void test() {
|
||||
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("MySecretKey", KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);
|
||||
builder.setUserAuthenticationRequired(false); // $insecure-key
|
||||
builder.setInvalidatedByBiometricEnrollment(false); // $insecure-key
|
||||
builder.setUserAuthenticationValidityDurationSeconds(30); // $insecure-key
|
||||
builder.setUserAuthenticationRequired(false); // $ insecure-key
|
||||
builder.setInvalidatedByBiometricEnrollment(false); // $ insecure-key
|
||||
builder.setUserAuthenticationValidityDurationSeconds(30); // $ insecure-key
|
||||
}
|
||||
|
||||
private void generateSecretKey() throws Exception {
|
||||
@@ -36,4 +36,4 @@ class Callback extends BiometricPrompt.AuthenticationCallback {
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
|
||||
useKey(result.getCryptoObject());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,15 +16,15 @@ class TestA {
|
||||
// BAD: result is not used
|
||||
class Test2 extends BiometricPrompt.AuthenticationCallback {
|
||||
@Override
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
|
||||
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $ insecure-auth
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// BAD: result is only used in a super call
|
||||
class Test3 extends BiometricPrompt.AuthenticationCallback {
|
||||
@Override
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $ insecure-auth
|
||||
super.onAuthenticationSucceeded(result);
|
||||
}
|
||||
}
|
||||
@@ -62,15 +62,15 @@ class TestB {
|
||||
// BAD: result is not used
|
||||
class Test2 extends FingerprintManager.AuthenticationCallback {
|
||||
@Override
|
||||
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) { // $insecure-auth
|
||||
|
||||
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) { // $ insecure-auth
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// BAD: result is only used in a super call
|
||||
class Test3 extends FingerprintManager.AuthenticationCallback {
|
||||
@Override
|
||||
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) { // $insecure-auth
|
||||
public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) { // $ insecure-auth
|
||||
super.onAuthenticationSucceeded(result);
|
||||
}
|
||||
}
|
||||
@@ -91,4 +91,4 @@ class TestB {
|
||||
super.onAuthenticationSucceeded(result);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,15 +15,15 @@ class TestC {
|
||||
// BAD: result is not used
|
||||
class Test2 extends BiometricPrompt.AuthenticationCallback {
|
||||
@Override
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
|
||||
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $ insecure-auth
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// BAD: result is only used in a super call
|
||||
class Test3 extends BiometricPrompt.AuthenticationCallback {
|
||||
@Override
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
|
||||
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $ insecure-auth
|
||||
super.onAuthenticationSucceeded(result);
|
||||
}
|
||||
}
|
||||
@@ -44,4 +44,4 @@ class TestC {
|
||||
super.onAuthenticationSucceeded(result);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@ class Test {
|
||||
}
|
||||
|
||||
URLConnection test2() throws Exception {
|
||||
return new URL("https://bad.example.com").openConnection(); // $hasUntrustedResult
|
||||
return new URL("https://bad.example.com").openConnection(); // $ hasUntrustedResult
|
||||
}
|
||||
|
||||
URLConnection test3() throws Exception {
|
||||
|
||||
@@ -3,7 +3,7 @@ import java.net.URLConnection;
|
||||
|
||||
class Test {
|
||||
URLConnection test2() throws Exception {
|
||||
return new URL("https://example.com").openConnection(); // $hasNoTrustedResult
|
||||
return new URL("https://example.com").openConnection(); // $ hasNoTrustedResult
|
||||
}
|
||||
|
||||
URLConnection test3() throws Exception {
|
||||
|
||||
@@ -11,7 +11,7 @@ class Test {
|
||||
new OkHttpClient.Builder().certificatePinner(certificatePinner).build();
|
||||
|
||||
client.newCall(new Request.Builder().url("https://good.example.com").build()).execute();
|
||||
client.newCall(new Request.Builder().url("https://bad.example.com").build()).execute(); // $hasUntrustedResult
|
||||
client.newCall(new Request.Builder().url("https://bad.example.com").build()).execute(); // $ hasUntrustedResult
|
||||
client.newCall(new Request.Builder().url("classpath:example/directory/test.class").build())
|
||||
.execute();
|
||||
client.newCall(new Request.Builder().url("file:///example/file").build()).execute();
|
||||
|
||||
@@ -28,6 +28,6 @@ class Test {
|
||||
|
||||
void test2() throws Exception {
|
||||
URL url = new URL("http://www.example.com/");
|
||||
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); // $hasNoTrustedResult
|
||||
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); // $ hasNoTrustedResult
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,8 +9,8 @@ import android.app.Activity;
|
||||
|
||||
class Test {
|
||||
class A extends WebViewClient {
|
||||
public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult
|
||||
handler.proceed();
|
||||
public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $ hasResult
|
||||
handler.proceed();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ class Test {
|
||||
else {
|
||||
handler.cancel();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
class C extends WebViewClient {
|
||||
@@ -51,4 +51,4 @@ class Test {
|
||||
}).show();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ class InsecureJakartaMailTest {
|
||||
if (null != authenticator) {
|
||||
properties.put("mail.smtp.auth", "true");
|
||||
}
|
||||
final Session session = Session.getInstance(properties, authenticator); // $hasInsecureJavaMail
|
||||
final Session session = Session.getInstance(properties, authenticator); // $ hasInsecureJavaMail
|
||||
}
|
||||
|
||||
public void testSecureJavaMail() {
|
||||
|
||||
@@ -19,7 +19,7 @@ class InsecureJavaMailTest {
|
||||
if (null != authenticator) {
|
||||
properties.put("mail.smtp.auth", "true");
|
||||
}
|
||||
final Session session = Session.getInstance(properties, authenticator); // $hasInsecureJavaMail
|
||||
final Session session = Session.getInstance(properties, authenticator); // $ hasInsecureJavaMail
|
||||
}
|
||||
|
||||
public void testSecureJavaMail() {
|
||||
|
||||
@@ -10,7 +10,7 @@ public class InsecureSimpleEmailTest {
|
||||
email.setHostName("config.hostName");
|
||||
email.setSmtpPort(25);
|
||||
email.setAuthenticator(new DefaultAuthenticator("config.username", "config.password"));
|
||||
email.setSSLOnConnect(true); // $hasInsecureJavaMail
|
||||
email.setSSLOnConnect(true); // $ hasInsecureJavaMail
|
||||
email.setFrom("fromAddress");
|
||||
email.setSubject("subject");
|
||||
email.setMsg("body");
|
||||
@@ -23,7 +23,7 @@ public class InsecureSimpleEmailTest {
|
||||
email.setHostName("config.hostName");
|
||||
email.setSmtpPort(25);
|
||||
email.setAuthenticator(new DefaultAuthenticator("config.username", "config.password"));
|
||||
email.setStartTLSRequired(true); // $hasInsecureJavaMail
|
||||
email.setStartTLSRequired(true); // $ hasInsecureJavaMail
|
||||
email.setFrom("fromAddress");
|
||||
email.setSubject("subject");
|
||||
email.setMsg("body");
|
||||
|
||||
@@ -100,13 +100,13 @@ public class CleartextStorageSharedPrefsTest extends Activity {
|
||||
SharedPreferences sharedPrefs =
|
||||
context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
|
||||
sharedPrefs.edit().putString("name", name).apply(); // Safe
|
||||
sharedPrefs.edit().putString("password", password).apply(); // $hasCleartextStorageSharedPrefs
|
||||
sharedPrefs.edit().putString("password", password).apply(); // $ hasCleartextStorageSharedPrefs
|
||||
}
|
||||
|
||||
public void testSetSharedPrefs7(Context context, EditText name, EditText password) {
|
||||
SharedPreferences sharedPrefs =
|
||||
context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
|
||||
sharedPrefs.edit().putString("name", name.getText().toString()).apply(); // Safe
|
||||
sharedPrefs.edit().putString("password", password.getText().toString()).apply(); // $hasCleartextStorageSharedPrefs
|
||||
sharedPrefs.edit().putString("password", password.getText().toString()).apply(); // $ hasCleartextStorageSharedPrefs
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,6 +31,6 @@ public class UnsafeActivity1 extends Activity {
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,6 +31,6 @@ public class UnsafeActivity2 extends Activity {
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,6 +31,6 @@ public class UnsafeActivity3 extends Activity {
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,7 +31,7 @@ public class UnsafeAndroidAccess extends Activity {
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
|
||||
// Test onCreate with both JavaScript and cross-origin resource access enabled while taking
|
||||
@@ -55,7 +55,7 @@ public class UnsafeAndroidAccess extends Activity {
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getStringExtra("url");
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
|
||||
// Test onCreate with both JavaScript and cross-origin resource access disabled by default while
|
||||
@@ -99,7 +99,7 @@ public class UnsafeAndroidAccess extends Activity {
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getStringExtra("url");
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
|
||||
// Test onCreate with both JavaScript and cross-origin resource access enabled while not taking
|
||||
|
||||
@@ -30,6 +30,6 @@ public class UnsafeAndroidBroadcastReceiver extends BroadcastReceiver {
|
||||
}
|
||||
});
|
||||
|
||||
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
|
||||
wv.loadUrl(thisUrl); // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,6 @@ class SensitiveResultReceiver {
|
||||
ResultReceiver rec = intent.getParcelableExtra("hi");
|
||||
Bundle b = new Bundle();
|
||||
b.putCharSequence("pass", password);
|
||||
rec.send(0, b); // $hasSensitiveResultReceiver
|
||||
rec.send(0, b); // $ hasSensitiveResultReceiver
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||