ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6291/kotlin/rule.adoc
Fred Tingaud b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00

73 lines
1.7 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
For https://developer.android.com/reference/kotlin/android/database/sqlite/SQLiteDatabase[SQLiteDatabase]:
----
var db = activity.openOrCreateDatabase("test.db", Context.MODE_PRIVATE, null) // Sensitive
----
For https://developer.android.com/training/data-storage/shared-preferences[SharedPreferences]:
----
val pref = activity.getPreferences(Context.MODE_PRIVATE) // Sensitive
----
For https://docs.mongodb.com/realm/[Realm]:
----
val config = RealmConfiguration.Builder().build()
val realm = Realm.getInstance(config) // Sensitive
----
== Compliant Solution
Instead of SQLiteDatabase you can use https://www.zetetic.net/sqlcipher/sqlcipher-for-android/[SQLCipher]:
[source,kotlin]
----
val db = SQLiteDatabase.openOrCreateDatabase("test.db", getKey(), null)
----
Instead of SharedPreferences you can use https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences[EncryptedSharedPreferences]:
[source,kotlin]
----
val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
EncryptedSharedPreferences.create(
"secret",
masterKeyAlias,
context,
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)
----
For Realm an encryption key can be specified in the config:
[source,kotlin]
----
val config = RealmConfiguration.Builder()
.encryptionKey(getKey())
.build()
val realm = Realm.getInstance(config)
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink