10: Create CipherInstancePlugin

src/main/java/com/bartek/esa/core/di/PluginModule.java

@@ -69,4 +69,10 @@ public class PluginModule {
     public Plugin usesSdkPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
         return new UsesSdkPlugin(globMatcher, xmlHelper);
     }
+
+    @Provides
+    @IntoSet
+    public Plugin cipherInstancePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        return new CipherInstancePlugin(globMatcher, xmlHelper);
+    }
 }

src/main/java/com/bartek/esa/core/plugin/CipherInstancePlugin.java

@@ -0,0 +1,71 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.JavaPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.ImportDeclaration;
+import com.github.javaparser.ast.Node;
+import com.github.javaparser.ast.expr.*;
+
+import javax.inject.Inject;
+import java.util.Optional;
+import java.util.regex.Pattern;
+
+public class CipherInstancePlugin extends JavaPlugin {
+    private static final Pattern ALGORITHM_QUALIFIER = Pattern.compile("^\"\\w+/\\w+/\\w+\"$");
+
+    @Inject
+    public CipherInstancePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        super(globMatcher, xmlHelper);
+    }
+
+    @Override
+    public void run(CompilationUnit compilationUnit) {
+        compilationUnit.findAll(MethodCallExpr.class).stream()
+                .filter(expr -> expr.getName().getIdentifier().equals("getInstance"))
+                .filter(expr -> isCipherMethod(expr, compilationUnit))
+                .filter(expr -> expr.getArguments().isNonEmpty())
+                .filter(expr -> !isFullCipherQualifier(expr.getArguments().get(0).toString()))
+                .forEach(expr -> addIssue(Severity.ERROR, getLineNumberFromExpression(expr), expr.toString()));
+    }
+
+    private boolean isCipherMethod(MethodCallExpr expr, CompilationUnit compilationUnit) {
+        boolean isCipherMethod = expr.getScope()
+                .filter(Expression::isNameExpr)
+                .map(Expression::asNameExpr)
+                .map(NameExpr::getName)
+                .map(SimpleName::getIdentifier)
+                .filter(name -> name.equals("Cipher"))
+                .isPresent();
+
+        if(!isCipherMethod) {
+            isCipherMethod = compilationUnit.findAll(ImportDeclaration.class).stream()
+                    .filter(ImportDeclaration::isStatic)
+                    .filter(e -> e.getName().getIdentifier().equals("getInstance"))
+                    .map(ImportDeclaration::getName)
+                    .map(Name::getQualifier)
+                    .flatMap(Optional::stream)
+                    .map(Node::toString)
+                    .anyMatch(q -> q.equals("javax.crypto.Cipher"));
+        }
+
+        if(!isCipherMethod) {
+            isCipherMethod = compilationUnit.findAll(ImportDeclaration.class).stream()
+                    .filter(ImportDeclaration::isStatic)
+                    .filter(ImportDeclaration::isAsterisk)
+                    .map(ImportDeclaration::getName)
+                    .map(Name::getQualifier)
+                    .flatMap(Optional::stream)
+                    .map(Node::toString)
+                    .anyMatch(q -> q.equals("javax.crypto"));
+        }
+
+        return isCipherMethod;
+    }
+
+    private boolean isFullCipherQualifier(String qualifier) {
+        return ALGORITHM_QUALIFIER.matcher(qualifier).matches();
+    }
+}

src/main/resources/description.properties

@@ -63,4 +63,10 @@ com.bartek.esa.core.plugin.UsesSdkPlugin.NO_USES_SDK=There is no <uses-sdk> defi
 
 com.bartek.esa.core.plugin.UsesSdkPlugin.USES_SDK.NO_MIN_SDK_VERSION=There is no minSdkVersion defined in AndroidManifest.xml file.\n\
   In order to use this tool, minimal SDK version should be provided as the attribute of <uses-sdk> element.\n\
-  For example: <uses-sdk android:minSdkVersion="23">
+  For example: <uses-sdk android:minSdkVersion="23">
+
+com.bartek.esa.core.plugin.CipherInstancePlugin=Not fully-qualified algorithm name provided in Cipher.getInstance() method.\n\
+  Passing a shortcut instead of fully-qualified algorithm name in Cipher.getInstance() method is not portable across providers\n\
+  and can impact the system low secure than intended to be.\n\
+  Fully-qualified name matches the pattern: algorithm/mode/pattern\n\
+  For example: AES/CBC/PKCS5Padding