diff --git a/src/main/java/com/bartek/esa/core/plugin/StrictModePlugin.java b/src/main/java/com/bartek/esa/core/plugin/StrictModePlugin.java
index e8532f6..273f2af 100644
--- a/src/main/java/com/bartek/esa/core/plugin/StrictModePlugin.java
+++ b/src/main/java/com/bartek/esa/core/plugin/StrictModePlugin.java
@@ -24,6 +24,6 @@ public class StrictModePlugin extends JavaPlugin {
 compilationUnit.findAll(MethodCallExpr.class).stream()
 .filter(expr -> expr.getName().getIdentifier().equals("setThreadPolicy"))
 .filter(staticScopeHelper.isFromScope(compilationUnit, "setThreadPolicy", "StrictMode", "android.os"))
- .forEach(expr -> addIssue(Severity.INFO, getLineNumberFromExpression(expr), expr.toString()));
+ .forEach(expr -> addIssue(Severity.WARNING, getLineNumberFromExpression(expr), expr.toString()));
 }
 }
diff --git a/src/main/java/com/bartek/esa/core/plugin/WebViewPlugin.java b/src/main/java/com/bartek/esa/core/plugin/WebViewPlugin.java
index 6753969..07de49b 100644
--- a/src/main/java/com/bartek/esa/core/plugin/WebViewPlugin.java
+++ b/src/main/java/com/bartek/esa/core/plugin/WebViewPlugin.java
@@ -45,7 +45,7 @@ public class WebViewPlugin extends JavaPlugin {
 private void issueSettingsMethod(MethodCallExpr methodCall, String descriptionCode) {
 Expression firstArg = methodCall.getArguments().get(0);
 if (firstArg.isBooleanLiteralExpr() && firstArg.asBooleanLiteralExpr().getValue()) {
- addIssue(Severity.INFO, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString());
+ addIssue(Severity.WARNING, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString());
 }
 }
 }
diff --git a/src/main/resources/description.properties b/src/main/resources/description.properties
index 113d4d4..04612e4 100644
--- a/src/main/resources/description.properties
+++ b/src/main/resources/description.properties
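Review bot: In StrictModePlugin.java the name filter and the scope filter still match only `setThreadPolicy`, so a `StrictMode.setVmPolicy(...)` call goes unreported even though this finding is now a WARNING. If the plugin is meant to catch StrictMode left enabled in shipped code, both entry points should be covered, for example by running the same two filters once per method name. The enclosing method starts outside the hunk, so this may already be handled elsewhere in the class.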
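Review bot: In WebViewPlugin.java `issueSettingsMethod` reports only when the first argument is the literal `true`, so a settings call whose argument is a variable or expression produces no finding at all. With the severity raised to WARNING, a clean report is easier to misread as "setting disabled". Consider a lower-severity branch for the undecidable case, e.g. `else if (!firstArg.isBooleanLiteralExpr()) { addIssue(Severity.INFO, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString()); }`, provided the description text still fits. Separately, `methodCall.getArguments().get(0)` throws on a zero-argument call unless the caller, which is outside this hunk, already filters on argument count.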
@@ -31,7 +31,7 @@ Consider setting it to 'false'. com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin=Potential permissions race condition vulnerability. \n\ There are declared custom permissions in AndroidManifest.xml and the minimal API version is set to ${minSdkVersion} that is less than 21.\n\ - It means that declared permissions can be obtained by malicious application installed before and without need of having 1proper signature.\n\ + It means that declared permissions can be obtained by malicious application installed before and without need of having proper signature.\n\ Consider setting minimal API version to 21 at least. com.bartek.esa.core.plugin.SecureRandomPlugin=Initializing SecureRandom object with custom seed. \n\ @@ -88,7 +88,7 @@ com.bartek.esa.core.plugin.SuppressWarningsPlugin=@SuppressWarnings annotation w The @SuppressWarnings annotation might be hiding useful warnings.\n\ Consider removing it. -com.bartek.esa.core.plugin.ExportedComponentsPlugin.NO_PERMISSION=Exported activity.\n\ +com.bartek.esa.core.plugin.ExportedComponentsPlugin.NO_PERMISSION=Exported ${componentType}.\n\ The ${componentType} with name '${componentName}' is exported but not protected by any permission. \n\ It means any malicious application could make use of the component. \n\ Consider using 'android:permission' tag and adding custom permission to protect it.