diff --git a/src/main/java/com/bartek/esa/core/di/PluginModule.java b/src/main/java/com/bartek/esa/core/di/PluginModule.java
index 0aa2dfb..bdde37c 100644
--- a/src/main/java/com/bartek/esa/core/di/PluginModule.java
+++ b/src/main/java/com/bartek/esa/core/di/PluginModule.java
@@ -1,6 +1,7 @@
 package com.bartek.esa.core.di;
 
 import com.bartek.esa.core.archetype.Plugin;
+import com.bartek.esa.core.plugin.AllowBackupPlugin;
 import com.bartek.esa.core.plugin.DebuggablePlugin;
 import com.bartek.esa.core.plugin.LoggingPlugin;
 import com.bartek.esa.core.xml.XmlHelper;
@@ -33,4 +34,10 @@ public class PluginModule {
 public Plugin debuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
 return new DebuggablePlugin(globMatcher, xmlHelper);
 }
+
+ @Provides
+ @IntoSet
+ public Plugin allowBackupPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+ return new AllowBackupPlugin(globMatcher, xmlHelper);
+ }
 }
diff --git a/src/main/java/com/bartek/esa/core/plugin/AllowBackupPlugin.java b/src/main/java/com/bartek/esa/core/plugin/AllowBackupPlugin.java
new file mode 100644
index 0000000..87c21a6
--- /dev/null
+++ b/src/main/java/com/bartek/esa/core/plugin/AllowBackupPlugin.java
@@ -0,0 +1,30 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.AndroidManifestPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+import javax.inject.Inject;
+import javax.xml.xpath.XPathConstants;
+import java.util.Optional;
+
+public class AllowBackupPlugin extends AndroidManifestPlugin {
+
+ @Inject
+ public AllowBackupPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+ super(globMatcher, xmlHelper);
+ }
+
+ @Override
+ protected void run(Document xml) {
+ Node applicationNode = (Node) xPath(xml, "/manifest/application", XPathConstants.NODE);
+ Optional.ofNullable(applicationNode.getAttributes().getNamedItem("android:allowBackup")).ifPresentOrElse(n -> {
+ if (!n.getNodeValue().equals("false")) {
+ addIssue(Severity.WARNING, ".NO_FALSE", null, n.toString());
+ }
+ }, () -> addIssue(Severity.ERROR, ".NO_ATTR", null, null));
+ }
+}
diff --git a/src/main/resources/description.properties b/src/main/resources/description.properties
index 287ea05..10a1b91 100644
--- a/src/main/resources/description.properties
+++ b/src/main/resources/description.properties
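Review bot: `run` dereferences `applicationNode` before checking it: `xPath(xml, "/manifest/application", XPathConstants.NODE)` evaluates to null when the manifest has no `<application>` element, so `applicationNode.getAttributes()` throws a NullPointerException and, unless a caller catches it, the scan aborts instead of reporting a finding. Guard it first, e.g. `if (applicationNode == null) { addIssue(Severity.ERROR, ".NO_ATTR", null, null); return; }` (or a dedicated code for a malformed manifest, if the project has one). Two smaller points: `n.toString()` in the `.NO_FALSE` call reports a DOM implementation's rendering of the attribute node rather than its value, so `n.getNodeValue()` is the stable choice unless `DebuggablePlugin` deliberately does the same. The missing attribute is rated ERROR while an explicit `"true"` is only WARNING, although `android:allowBackup` defaults to true when absent, so both cases expose the same data; aligning the two severities and stating the rationale in a class Javadoc would make the finding easier to triage.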
@@ -16,4 +16,15 @@ com.bartek.esa.core.plugin.DebuggablePlugin.NO_FALSE=The android:debuggable is s
 The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
 This will cause application to be debuggable and can result in \
 security issues and data leakage on the production environment. \n\
+ Consider setting it to 'false'.
+
+com.bartek.esa.core.plugin.AllowBackupPlugin.NO_ATTR=There is no android:allowBackup option. Potential data leakage. \n\
+ The android:allowBackup option was not found in the AndroidManifest.xml file. \n\
+ To avoid any potential data theft in the future, please explicitly set this flag to false. \n\
+ The attribute should be placed in tag.\n\
+ For example:
+
+com.bartek.esa.core.plugin.AllowBackupPlugin.NO_FALSE=The android:allowBackup is set to 'true'. Potential data leakage. \n\
+ The android:allowBackup option in AndroidManifest.xml is set to 'true'. \n\
+ This will allow accessing the backups via adb if device has USB debugging enabled.\n\
 Consider setting it to 'false'.
\ No newline at end of file
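Review bot: The new NO_ATTR message looks truncated as shown here: `The attribute should be placed in tag.\n\` names no tag, and `For example:` is followed only by the blank separator line, so the user gets an instruction with no target and an example with no content. If the file actually contains `<application>` and an example element and only this rendering stripped the angle brackets, disregard; otherwise make the lines `The attribute should be placed in the <application> tag.\n\` and `For example: <application android:allowBackup="false" ...>`. The file also still ends without a trailing newline (`\ No newline at end of file`), so the next message appended will show up as a change to the final `Consider setting it to 'false'.` line as well.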