d408fe4dd9
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
31 lines
840 B
Plaintext
31 lines
840 B
Plaintext
== How to fix it in SQLCipher
|
|
|
|
=== Code examples
|
|
|
|
In the example below, a local database is opened using a hardcoded key. To fix this, the key is moved to a secure location instead and retrieved using a `getKey()` method.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,kotlin,diff-id=201,diff-type=noncompliant]
|
|
----
|
|
val key = "gb09ym9ydoolp3w886d0tciczj6ve9kszqd65u7d126040gwy86xqimjpuuc788g"
|
|
val db = SQLiteDatabase.openOrCreateDatabase("test.db", key, null) // Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,kotlin,diff-id=201,diff-type=compliant]
|
|
----
|
|
val db = SQLiteDatabase.openOrCreateDatabase("test.db", getKey(), null)
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/android-apis.adoc[]
|
|
|
|
include::../../common/fix/dynamic-retrieval.adoc[]
|
|
|
|
=== Going the extra mile
|
|
|
|
include::../../common/extra-mile/avoid-local-data.adoc[]
|