Skip to content

Commit

Permalink
java:chore - Adding improvements on Java Rules
Browse files Browse the repository at this point in the history
In this commit I changed to add Safe and Unsafe code in
all rules of the java. Reference from issue #630 and #1020.

Signed-off-by: Wilian Gabriel <wilian.silva@zup.com.br>
  • Loading branch information
wiliansilvazup committed Mar 21, 2022
1 parent 71b07db commit 9bcb120
Show file tree
Hide file tree
Showing 11 changed files with 2,877 additions and 1,130 deletions.
6 changes: 4 additions & 2 deletions internal/services/engines/dart/rules.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,10 @@ Depending on the implementation in the operating system the bioID is just a lock
Basically on Android, you can ask to use the 4-digit password because of "faulty hardware" and this functionality depends on how the application uses this.
There are applications that ask for 6 digit passwords and then ask for the bioID just to "automatically type" the 6 digit password which can cause an easy identification and access to your application is broken.
For more information checkout the OWSAP M4:2016 (https://owasp.org/www-project-mobile-top-10/2016-risks/m4-insecure-authentication) advisory and see this example how implement good authentication (in "C" Language): https://developer.apple.com/library/archive/samplecode/KeychainTouchID/Introduction/Intro.html.`,
Severity: severities.Info.ToString(),
Confidence: confidence.Medium.ToString(),
Severity: severities.Info.ToString(),
Confidence: confidence.Medium.ToString(),
SafeExample: SampleSafeHSDART3,
UnsafeExample: SampleVulnerableHSDART3,
},
Type: text.AndMatch,
Expressions: []*regexp.Regexp{
Expand Down
4 changes: 2 additions & 2 deletions internal/services/engines/dart/rules_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ func TestRulesVulnerableCode(t *testing.T) {
CodeSample: "import 'package:flutter_sms/flutter_sms.dart';",
SourceLocation: engine.Location{
Filename: filepath.Join(tempDir, "HS-DART-6.test"),
Line: 1,
Line: 2,
Column: 28,
},
},
Expand Down Expand Up @@ -329,7 +329,7 @@ func TestRulesSafeCode(t *testing.T) {
{
Name: "HS-DART-3",
Rule: NewNoUseBiometricsTypeIOS(),
Src: "",
Src: SampleSafeHSDART3,
Filename: filepath.Join(tempDir, "HS-DART-3.test"),
},
{
Expand Down
Loading

0 comments on commit 9bcb120

Please sign in to comment.