ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6301/kotlin/how-to-fix-it/sqlcipher.adoc

31 lines
840 B
Plaintext
Raw Normal View History

Modify rule S6301: update to LaYC format (APPSEC-973) (#2984) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
2023-08-30 13:55:19 +02:00
== How to fix it in SQLCipher
=== Code examples
In the example below, a local database is opened using a hardcoded key. To fix this, the key is moved to a secure location instead and retrieved using a `getKey()` method.
==== Noncompliant code example
[source,kotlin,diff-id=201,diff-type=noncompliant]
----
val key = "gb09ym9ydoolp3w886d0tciczj6ve9kszqd65u7d126040gwy86xqimjpuuc788g"
val db = SQLiteDatabase.openOrCreateDatabase("test.db", key, null) // Noncompliant
----
==== Compliant solution
[source,kotlin,diff-id=201,diff-type=compliant]
----
val db = SQLiteDatabase.openOrCreateDatabase("test.db", getKey(), null)
----
=== How does this work?
include::../../common/fix/android-apis.adoc[]
include::../../common/fix/dynamic-retrieval.adoc[]
=== Going the extra mile
include::../../common/extra-mile/avoid-local-data.adoc[]
Reference in New Issue Copy Permalink