10: Clean plugins

Bartłomiej Pluta
2019-04-17 12:07:29 +02:00
parent 4277304e20
commit b3c6c86a28
3 changed files with 4 additions and 4 deletions


@@ -24,6 +24,6 @@ public class StrictModePlugin extends JavaPlugin {
compilationUnit.findAll(MethodCallExpr.class).stream() compilationUnit.findAll(MethodCallExpr.class).stream()
.filter(expr -> expr.getName().getIdentifier().equals("setThreadPolicy")) .filter(expr -> expr.getName().getIdentifier().equals("setThreadPolicy"))
.filter(staticScopeHelper.isFromScope(compilationUnit, "setThreadPolicy", "StrictMode", "android.os")) .filter(staticScopeHelper.isFromScope(compilationUnit, "setThreadPolicy", "StrictMode", "android.os"))
.forEach(expr -> addIssue(Severity.INFO, getLineNumberFromExpression(expr), expr.toString())); .forEach(expr -> addIssue(Severity.WARNING, getLineNumberFromExpression(expr), expr.toString()));
} }
} }
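Review bot: Only `setThreadPolicy` is matched by the two filters, so a call to `StrictMode.setVmPolicy` would go unreported even though it leaves the same debugging facility enabled in a shipped build. With the finding now raised to `Severity.WARNING`, consider extracting this pipeline into a helper that takes the method name and calling it for both `"setThreadPolicy"` and `"setVmPolicy"`. The check also fires on calls wrapped in a debug-only guard such as `if (BuildConfig.DEBUG)`, which will now surface as warnings; the issue description should say that guarded calls are expected to match. The enclosing method starts outside the hunk, so a second pass for `setVmPolicy` may already exist there.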


@@ -45,7 +45,7 @@ public class WebViewPlugin extends JavaPlugin {
private void issueSettingsMethod(MethodCallExpr methodCall, String descriptionCode) { private void issueSettingsMethod(MethodCallExpr methodCall, String descriptionCode) {
Expression firstArg = methodCall.getArguments().get(0); Expression firstArg = methodCall.getArguments().get(0);
if (firstArg.isBooleanLiteralExpr() && firstArg.asBooleanLiteralExpr().getValue()) { if (firstArg.isBooleanLiteralExpr() && firstArg.asBooleanLiteralExpr().getValue()) {
addIssue(Severity.INFO, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString()); addIssue(Severity.WARNING, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString());
} }
} }
} }
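Review bot: `issueSettingsMethod` reports only when the first argument is the boolean literal `true`, so a call that passes a variable, constant or expression is silently treated as safe. Since the setting cannot be proven `false` in that case, consider reporting it at a lower severity instead of dropping it, e.g. `else if (!firstArg.isBooleanLiteralExpr()) { addIssue(Severity.INFO, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString()); }`. Separately, `methodCall.getArguments().get(0)` throws on a call with no arguments; unless the callers outside this hunk already filter by arity, guard it with `if (methodCall.getArguments().isEmpty()) { return; }`.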


@@ -31,7 +31,7 @@ Consider setting it to 'false'.
com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin=Potential permissions race condition vulnerability. \n\ com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin=Potential permissions race condition vulnerability. \n\
There are declared custom permissions in AndroidManifest.xml and the minimal API version is set to ${minSdkVersion} that is less than 21.\n\ There are declared custom permissions in AndroidManifest.xml and the minimal API version is set to ${minSdkVersion} that is less than 21.\n\
It means that declared permissions can be obtained by malicious application installed before and without need of having 1proper signature.\n\ It means that declared permissions can be obtained by malicious application installed before and without need of having proper signature.\n\
Consider setting minimal API version to 21 at least. Consider setting minimal API version to 21 at least.
com.bartek.esa.core.plugin.SecureRandomPlugin=Initializing SecureRandom object with custom seed. \n\ com.bartek.esa.core.plugin.SecureRandomPlugin=Initializing SecureRandom object with custom seed. \n\
@@ -88,7 +88,7 @@ com.bartek.esa.core.plugin.SuppressWarningsPlugin=@SuppressWarnings annotation w
The @SuppressWarnings annotation might be hiding useful warnings.\n\ The @SuppressWarnings annotation might be hiding useful warnings.\n\
Consider removing it. Consider removing it.
com.bartek.esa.core.plugin.ExportedComponentsPlugin.NO_PERMISSION=Exported activity.\n\ com.bartek.esa.core.plugin.ExportedComponentsPlugin.NO_PERMISSION=Exported ${componentType}.\n\
The ${componentType} with name '${componentName}' is exported but not protected by any permission. \n\ The ${componentType} with name '${componentName}' is exported but not protected by any permission. \n\
It means any malicious application could make use of the component. \n\ It means any malicious application could make use of the component. \n\
Consider using 'android:permission' tag and adding custom permission to protect it. Consider using 'android:permission' tag and adding custom permission to protect it.