10: Create DebuggablePlugin

Bartłomiej Pluta
2019-04-05 13:35:27 +02:00
parent bd6b5df8c1
commit e8fa888aef
3 changed files with 51 additions and 2 deletions


@@ -1,6 +1,7 @@
package com.bartek.esa.core.di;
import com.bartek.esa.core.archetype.Plugin;
import com.bartek.esa.core.plugin.DebuggablePlugin;
import com.bartek.esa.core.plugin.LoggingPlugin;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
@@ -26,4 +27,10 @@ public class PluginModule {
public Plugin loggingPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new LoggingPlugin(globMatcher, xmlHelper);
}
@Provides
@IntoSet
public Plugin debuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new DebuggablePlugin(globMatcher, xmlHelper);
}
}


@@ -0,0 +1,30 @@
package com.bartek.esa.core.plugin;
import com.bartek.esa.core.archetype.AndroidManifestPlugin;
import com.bartek.esa.core.model.enumeration.Severity;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import javax.inject.Inject;
import javax.xml.xpath.XPathConstants;
import java.util.Optional;
public class DebuggablePlugin extends AndroidManifestPlugin {
@Inject
public DebuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
super(globMatcher, xmlHelper);
}
@Override
protected void run(Document xml) {
Node applicationNode = (Node) xPath(xml, "/manifest/application", XPathConstants.NODE);
Optional.ofNullable(applicationNode.getAttributes().getNamedItem("android:debuggable")).ifPresentOrElse(n -> {
if(!n.getNodeValue().equals("false")) {
addIssue(Severity.WARNING, ".NO_FALSE", null, n.toString());
}
}, () -> addIssue(Severity.ERROR, ".NO_ATTR",null, null));
}
}
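Review bot: The severities in `run` look inverted relative to platform behaviour: Android treats an absent `android:debuggable` as false, yet the missing attribute is reported as `Severity.ERROR`, while an explicit value other than "false" (the case that actually ships a debuggable build) is only `Severity.WARNING`. I would swap them: `addIssue(Severity.ERROR, ".NO_FALSE", null, n.toString());` in the lambda and `() -> addIssue(Severity.WARNING, ".NO_ATTR", null, null)` for the absent case. Separately, if the `xPath` helper passes through the standard XPath result, `applicationNode` is null for a manifest without an `<application>` element and `applicationNode.getAttributes()` throws; a guard such as `if (applicationNode == null) { return; }` before the `Optional` chain would keep one malformed manifest from aborting the scan. The comparison also fires on any value that is not exactly "false" (for example "FALSE" or a resource reference), while the `.NO_FALSE` message states the flag is set to 'true', so either normalise the value before comparing or word the message as "not set to 'false'".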


@@ -3,5 +3,17 @@ com.bartek.esa.core.archetype.JavaPlugin.NO_PACKAGE=There is no package defined
For example: <manifest package="com.bartek.esa.test">\n\
Please fix it to use this tool.
com.bartek.esa.core.plugin.LoggingPlugin=Potential data leakage. \n\
Logging method was detected. Please check if no sensitive data is logged there.
com.bartek.esa.core.plugin.LoggingPlugin=Potential data leakage in logs. \n\
Logging method was detected. Please check if no sensitive data is logged there.
com.bartek.esa.core.plugin.DebuggablePlugin.NO_ATTR=There is no android:debuggable option. Potential data leakage. \n\
The android:debuggable option was not found in the AndroidManifest.xml file. \n\
To avoid any potential data leakage in the future, please explicitly set this flag to false. \n\
The attribute should be placed in <application> tag.\n\
For example: <application android:debuggable="false">
com.bartek.esa.core.plugin.DebuggablePlugin.NO_FALSE=The android:debuggable is set to 'true'. Potential data leakage. \n\
The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
This will cause application to be debuggable and can result in \
security issues and data leakage on the production environment. \n\
Consider setting it to 'false'.