diff --git a/src/main/java/com/bartek/esa/core/di/PluginModule.java b/src/main/java/com/bartek/esa/core/di/PluginModule.java
index 662c8fc..0aa2dfb 100644
--- a/src/main/java/com/bartek/esa/core/di/PluginModule.java
+++ b/src/main/java/com/bartek/esa/core/di/PluginModule.java
@@ -1,6 +1,7 @@
 package com.bartek.esa.core.di;
 
 import com.bartek.esa.core.archetype.Plugin;
+import com.bartek.esa.core.plugin.DebuggablePlugin;
 import com.bartek.esa.core.plugin.LoggingPlugin;
 import com.bartek.esa.core.xml.XmlHelper;
 import com.bartek.esa.file.matcher.GlobMatcher;
@@ -26,4 +27,10 @@ public class PluginModule {
     public Plugin loggingPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
         return new LoggingPlugin(globMatcher, xmlHelper);
     }
+
+    @Provides
+    @IntoSet
+    public Plugin debuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        return new DebuggablePlugin(globMatcher, xmlHelper);
+    }
 }
diff --git a/src/main/java/com/bartek/esa/core/plugin/DebuggablePlugin.java b/src/main/java/com/bartek/esa/core/plugin/DebuggablePlugin.java
new file mode 100644
index 0000000..e198352
--- /dev/null
+++ b/src/main/java/com/bartek/esa/core/plugin/DebuggablePlugin.java
@@ -0,0 +1,30 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.AndroidManifestPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+import javax.inject.Inject;
+import javax.xml.xpath.XPathConstants;
+import java.util.Optional;
+
+public class DebuggablePlugin extends AndroidManifestPlugin {
+
+    @Inject
+    public DebuggablePlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        super(globMatcher, xmlHelper);
+    }
+
+    @Override
+    protected void run(Document xml) {
+        Node applicationNode = (Node) xPath(xml, "/manifest/application", XPathConstants.NODE);
+        Optional.ofNullable(applicationNode.getAttributes().getNamedItem("android:debuggable")).ifPresentOrElse(n -> {
+            if(!n.getNodeValue().equals("false")) {
+                addIssue(Severity.WARNING, ".NO_FALSE", null, n.toString());
+            }
+        }, () -> addIssue(Severity.ERROR, ".NO_ATTR",null, null));
+    }
+}
diff --git a/src/main/resources/description.properties b/src/main/resources/description.properties
index 705c689..287ea05 100644
--- a/src/main/resources/description.properties
+++ b/src/main/resources/description.properties
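Review bot: `applicationNode.getAttributes()` in `run` dereferences the XPath result without a null check, so a manifest with no `<application>` element makes the plugin throw a NullPointerException instead of reporting a finding. Routing the lookup through the Optional keeps the existing NO_ATTR path for that case: `Optional.ofNullable(applicationNode).map(Node::getAttributes).map(a -> a.getNamedItem("android:debuggable")).ifPresentOrElse(...)`. The severities also look inverted for a security scanner: an explicit `android:debuggable="true"` (NO_FALSE, WARNING) is the condition that actually ships a debuggable app, while a missing attribute (NO_ATTR, ERROR) defaults to false and is only a hardening gap. Finally, `getNamedItem("android:debuggable")` matches the literal prefix as written in the file, so a manifest that binds the Android namespace to a different prefix is reported as having no attribute at all; `getNamedItemNS` with the Android namespace URI would be prefix-independent, assuming the document is parsed namespace-aware.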
@@ -3,5 +3,17 @@ com.bartek.esa.core.archetype.JavaPlugin.NO_PACKAGE=There is no package defined
 For example: \n\
 Please fix it to use this tool.
 
-com.bartek.esa.core.plugin.LoggingPlugin=Potential data leakage. \n\
- Logging method was detected. Please check if no sensitive data is logged there.
\ No newline at end of file
+com.bartek.esa.core.plugin.LoggingPlugin=Potential data leakage in logs. \n\
+ Logging method was detected. Please check if no sensitive data is logged there.
+
+com.bartek.esa.core.plugin.DebuggablePlugin.NO_ATTR=There is no android:debuggable option. Potential data leakage. \n\
+ The android:debuggable option was not found in the AndroidManifest.xml file. \n\
+ To avoid any potential data leakage in the future, please explicitly set this flag to false. \n\
+ The attribute should be placed in tag.\n\
+ For example:
+
+com.bartek.esa.core.plugin.DebuggablePlugin.NO_FALSE=The android:debuggable is set to 'true'. Potential data leakage. \n\
+ The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
+ This will cause application to be debuggable and can result in \
+ security issues and data leakage on the production environment. \n\
+ Consider setting it to 'false'.
\ No newline at end of file
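Review bot: The NO_ATTR message ends with `For example:` followed by nothing, and `The attribute should be placed in tag.` names no tag; unless the `<application>` element name and the sample snippet were lost when this page was rendered, the text shown to the user is incomplete and should carry the element name plus a one-line sample such as `<application android:debuggable="false" ...>`. In NO_FALSE, `This will cause application to be debuggable` reads better as `the application`, and because the check in DebuggablePlugin fires on any value other than `false`, the wording `is set to 'true'` can be inaccurate for other values.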