d408fe4dd9
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
37 lines
950 B
Plaintext
37 lines
950 B
Plaintext
== How to fix it in Realm
|
|
|
|
=== Code examples
|
|
|
|
In the example below, a local database is opened using a hardcoded key. To fix this, the key is moved to a secure location instead and retrieved using a `getKey()` method.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,kotlin,diff-id=101,diff-type=noncompliant]
|
|
----
|
|
val key = "gb09ym9ydoolp3w886d0tciczj6ve9kszqd65u7d126040gwy86xqimjpuuc788g"
|
|
val config = RealmConfiguration.Builder()
|
|
.encryptionKey(key.toByteArray()) // Noncompliant
|
|
.build()
|
|
val realm = Realm.getInstance(config)
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,kotlin,diff-id=101,diff-type=compliant]
|
|
----
|
|
val config = RealmConfiguration.Builder()
|
|
.encryptionKey(getKey())
|
|
.build()
|
|
val realm = Realm.getInstance(config)
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/android-apis.adoc[]
|
|
|
|
include::../../common/fix/dynamic-retrieval.adoc[]
|
|
|
|
=== Going the extra mile
|
|
|
|
include::../../common/extra-mile/avoid-local-data.adoc[]
|