diff --git a/rules/S6291/java/rule.adoc b/rules/S6291/java/rule.adoc
index e3147cd79a..0d16a1430d 100644
--- a/rules/S6291/java/rule.adoc
+++ b/rules/S6291/java/rule.adoc
@@ -4,6 +4,57 @@ include::../ask-yourself.adoc[]
 include::../recommended.adoc[]
+== Sensitive Code Example
+
+For https://developer.android.com/reference/kotlin/android/database/sqlite/SQLiteDatabase[SQLiteDatabase]:
+
+----
+SQLiteDatabase db = activity.openOrCreateDatabase("test.db", Context.MODE_PRIVATE, null); // Sensitive
+----
+
+For https://developer.android.com/training/data-storage/shared-preferences[SharedPreferences]:
+
+----
+SharedPreferences pref = activity.getPreferences(Context.MODE_PRIVATE); // Sensitive
+----
+
+For https://docs.mongodb.com/realm/[Realm]:
+
+----
+RealmConfiguration config = new RealmConfiguration.Builder().build();
+Realm realm = Realm.getInstance(config); // Sensitive
+----
+
+== Compliant Solution
+
+Instead of SQLiteDatabase you can use https://www.zetetic.net/sqlcipher/sqlcipher-for-android/[SQLCipher]:
+
+----
+SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase("test.db", getKey(), null);
+----
+
+Instead of SharedPreferences you can use https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences[EncryptedSharedPreferences]:
+
+----
+String masterKeyAlias = new MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
+EncryptedSharedPreferences.create(
+ "secret",
+ masterKeyAlias,
+ context,
+ EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+ EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+);
+----
+
+For Realm an encryption key can be specified in the config:
+
+----
+RealmConfiguration config = new RealmConfiguration.Builder()
+ .encryptionKey(getKey())
+ .build();
+Realm realm = Realm.getInstance(config);
+----
+
 include::../see.adoc[]
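Review bot: The EncryptedSharedPreferences sample under "Compliant Solution" does not compile, because `String masterKeyAlias = new MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);` puts `new` in front of a static method call; it should read `String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);`. The SQLCipher and Realm samples both pass `getKey()` without saying where that key comes from. A sentence before those two listings should state that the key must not be hard-coded or shipped inside the application, and should be generated on the device and protected with the Android Keystore; otherwise a reader can satisfy the rule while the data stays recoverable from the APK. The Realm sample could also note that `encryptionKey` expects a 64-byte key.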
@@ -15,4 +66,4 @@ ifdef::env-github,rspecator-view[]
 include::../message.adoc[]
-endif::env-github,rspecator-view[]
\ No newline at end of file
+endif::env-github,rspecator-view[]