10: Add TelephonyManagerPlugin

2019-04-17 11:30:10 +02:00
parent 716a6bc92c
commit 4277304e20
3 changed files with 36 additions and 0 deletions
--- a/src/main/java/com/bartek/esa/core/di/PluginModule.java
+++ b/src/main/java/com/bartek/esa/core/di/PluginModule.java
@@ -143,4 +143,10 @@ public class PluginModule {
    public Plugin webViewPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
        return new WebViewPlugin(globMatcher, xmlHelper);
    }
+
+    @Provides
+    @IntoSet
+    public Plugin telephonyManagerPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        return new TelephonyManagerPlugin(globMatcher, xmlHelper);
+    }
 }
--- a/src/main/java/com/bartek/esa/core/plugin/TelephonyManagerPlugin.java
+++ b/src/main/java/com/bartek/esa/core/plugin/TelephonyManagerPlugin.java
@@ -0,0 +1,26 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.JavaPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.expr.CastExpr;
+
+import javax.inject.Inject;
+
+public class TelephonyManagerPlugin extends JavaPlugin {
+
+    @Inject
+    public TelephonyManagerPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        super(globMatcher, xmlHelper);
+    }
+
+    @Override
+    public void run(CompilationUnit compilationUnit) {
+        compilationUnit.findAll(CastExpr.class).stream()
+                .filter(expr -> expr.getType().isClassOrInterfaceType())
+                .filter(expr -> expr.getType().asClassOrInterfaceType().getName().getIdentifier().equals("TelephonyManager"))
+                .forEach(expr -> addIssue(Severity.INFO, getLineNumberFromExpression(expr), expr.toString()));
+    }
+}
--- a/src/main/resources/description.properties
+++ b/src/main/resources/description.properties
@@ -136,3 +136,7 @@ com.bartek.esa.core.plugin.WebViewPlugin.ALLOW_FILE_ACCESS=Access to file system
  The WebView has granted access to private files. Loading content from untrusted source may effect with \n\
  accessing private files by malicious site/application.\n\
  Consider disabling this option.
+
+com.bartek.esa.core.plugin.TelephonyManagerPlugin=Usage of TelephonyManager.\n\
+ The TelephonyManager service is detected to be used.\n\
+ Make sure that no sensitive data (like IMEI, phone number etc.) exits the application.