
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
For https://developer.android.com/reference/kotlin/android/database/sqlite/SQLiteDatabase[SQLiteDatabase]:
----
// MODE_PRIVATE only limits which apps can open the file; the database contents are still written to disk unencrypted.
SQLiteDatabase db = activity.openOrCreateDatabase("test.db", Context.MODE_PRIVATE, null); // Sensitive
----
For https://developer.android.com/training/data-storage/shared-preferences[SharedPreferences]:
----
// MODE_PRIVATE only limits which apps can open the file; the preference keys and values are still stored in plaintext.
SharedPreferences pref = activity.getPreferences(Context.MODE_PRIVATE); // Sensitive
----
For https://docs.mongodb.com/realm/[Realm]:
----
// No encryptionKey(...) is set on the builder, so the Realm file is opened without encryption.
RealmConfiguration config = new RealmConfiguration.Builder().build();
Realm realm = Realm.getInstance(config); // Sensitive
----
== Compliant Solution
Instead of SQLiteDatabase you can use https://www.zetetic.net/sqlcipher/sqlcipher-for-android/[SQLCipher]:
[source,java]
----
// SQLiteDatabase here is SQLCipher's class, not android.database.sqlite.SQLiteDatabase.
// getKey() is not shown: it should return a key kept out of the source code
// (for example one protected by the Android Keystore), never a hard-coded literal.
SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase("test.db", getKey(), null);
----
Instead of SharedPreferences you can use https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences[EncryptedSharedPreferences]:
[source,java]
----
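// MasterKeys.getOrCreate is a static method (no `new`); it returns the alias of a
// master key stored in the Android Keystore, so the key material never appears in app code.
String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
// create() returns a SharedPreferences instance; keep the reference and use it in place of
// the unencrypted preferences. Both calls can throw GeneralSecurityException and IOException.
SharedPreferences pref = EncryptedSharedPreferences.create(
    "secret",
    masterKeyAlias,
    context,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
);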
----
For Realm an encryption key can be specified in the config:
[source,java]
----
// getKey() is not shown: Realm expects a 64-byte key, which should be generated per install
// and kept out of the source code (for example protected by the Android Keystore).
RealmConfiguration config = new RealmConfiguration.Builder()
.encryptionKey(getKey())
.build();
Realm realm = Realm.getInstance(config);
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]