rspec/rules/S6293/java/rule.adoc

include::../description.adoc[]

== Sensitive Code Example

A ``++CryptoObject++`` is not used during authentication: 

[source,java]
----
// ...
BiometricPrompt biometricPrompt = new BiometricPrompt(activity, executor, callback);
// ...
biometricPrompt.authenticate(promptInfo); // Noncompliant
----

== Compliant Solution

A ``++CryptoObject++`` is used during authentication: 

[source,java]
----
// ...
BiometricPrompt biometricPrompt = new BiometricPrompt(activity, executor, callback);
// ...
biometricPrompt.authenticate(promptInfo, new BiometricPrompt.CryptoObject(cipher)); // Compliant

----

include::../see.adoc[]
Create rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive (#92) * Create rule S6293 * init rspec s6293 * improve description and add java subtask * fixes after review Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> 2021-07-01 09:16:41 +00:00			`include::../description.adoc[]`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Sensitive Code Example`
Create rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive (#92) * Create rule S6293 * init rspec s6293 * improve description and add java subtask * fixes after review Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> 2021-07-01 09:16:41 +00:00
			A ``++CryptoObject++`` is not used during authentication:

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Create rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive (#92) * Create rule S6293 * init rspec s6293 * improve description and add java subtask * fixes after review Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> 2021-07-01 09:16:41 +00:00			`----`
			`// ...`
			`BiometricPrompt biometricPrompt = new BiometricPrompt(activity, executor, callback);`
			`// ...`
			`biometricPrompt.authenticate(promptInfo); // Noncompliant`
			`----`

			`== Compliant Solution`

			A ``++CryptoObject++`` is used during authentication:

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Create rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive (#92) * Create rule S6293 * init rspec s6293 * improve description and add java subtask * fixes after review Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com> Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com> 2021-07-01 09:16:41 +00:00			`----`
			`// ...`
			`BiometricPrompt biometricPrompt = new BiometricPrompt(activity, executor, callback);`
			`// ...`
			`biometricPrompt.authenticate(promptInfo, new BiometricPrompt.CryptoObject(cipher)); // Compliant`

			`----`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`include::../see.adoc[]`