bartek/esa-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

10: Create AllowBackupPlugin

Browse Source
This commit is contained in:
Bartłomiej Pluta
2019-04-05 13:44:42 +02:00
parent e8fa888aef
commit 10d3f7d02d
3 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/com/bartek/esa/core/di/PluginModule.java
View File

@@ -1,6 +1,7 @@
package com.bartek.esa.core.di; package com.bartek.esa.core.di;
import com.bartek.esa.core.archetype.Plugin; import com.bartek.esa.core.archetype.Plugin;
import com.bartek.esa.core.plugin.AllowBackupPlugin;
import com.bartek.esa.core.plugin.DebuggablePlugin; import com.bartek.esa.core.plugin.DebuggablePlugin;
import com.bartek.esa.core.plugin.LoggingPlugin; import com.bartek.esa.core.plugin.LoggingPlugin;
import com.bartek.esa.core.xml.XmlHelper; import com.bartek.esa.core.xml.XmlHelper;
@@ -33,4 +34,10 @@ public class PluginModule {
public Plugin debuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) { public Plugin debuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new DebuggablePlugin(globMatcher, xmlHelper); return new DebuggablePlugin(globMatcher, xmlHelper);
} }
@Provides
@IntoSet
public Plugin allowBackupPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new AllowBackupPlugin(globMatcher, xmlHelper);
}
} }

30
src/main/java/com/bartek/esa/core/plugin/AllowBackupPlugin.java Normal file
View File

@@ -0,0 +1,30 @@
package com.bartek.esa.core.plugin;
import com.bartek.esa.core.archetype.AndroidManifestPlugin;
import com.bartek.esa.core.model.enumeration.Severity;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import javax.inject.Inject;
import javax.xml.xpath.XPathConstants;
import java.util.Optional;
public class AllowBackupPlugin extends AndroidManifestPlugin {
@Inject
public AllowBackupPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
super(globMatcher, xmlHelper);
}
@Override
protected void run(Document xml) {
Node applicationNode = (Node) xPath(xml, "/manifest/application", XPathConstants.NODE);
Optional.ofNullable(applicationNode.getAttributes().getNamedItem("android:allowBackup")).ifPresentOrElse(n -> {
if (!n.getNodeValue().equals("false")) {
addIssue(Severity.WARNING, ".NO_FALSE", null, n.toString());
}
}, () -> addIssue(Severity.ERROR, ".NO_ATTR", null, null));
}
}

11
src/main/resources/description.properties
View File

@@ -16,4 +16,15 @@ com.bartek.esa.core.plugin.DebuggablePlugin.NO_FALSE=The android:debuggable is s
The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\ The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
This will cause application to be debuggable and can result in \ This will cause application to be debuggable and can result in \
security issues and data leakage on the production environment. \n\ security issues and data leakage on the production environment. \n\
Consider setting it to 'false'.
com.bartek.esa.core.plugin.AllowBackupPlugin.NO_ATTR=There is no android:allowBackup option. Potential data leakage. \n\
The android:allowBackup option was not found in the AndroidManifest.xml file. \n\
To avoid any potential data theft in the future, please explicitly set this flag to false. \n\
The attribute should be placed in <application> tag.\n\
For example: <application android:allowBackup="false">
com.bartek.esa.core.plugin.AllowBackupPlugin.NO_FALSE=The android:allowBackup is set to 'true'. Potential data leakage. \n\
The android:allowBackup option in AndroidManifest.xml is set to 'true'. \n\
This will allow accessing the backups via adb if device has USB debugging enabled.\n\
Consider setting it to 'false'. Consider setting it to 'false'.