Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.tools.lint.checks;
import com.android.annotations.NonNull;
import com.android.annotations.Nullable;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Detector.JavaPsiScanner;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.intellij.psi.JavaElementVisitor;
import com.intellij.psi.PsiClassType;
import com.intellij.psi.PsiExpression;
import com.intellij.psi.PsiMethod;
import com.intellij.psi.PsiMethodCallExpression;
import com.intellij.psi.PsiType;
import java.util.Arrays;
import java.util.List;
public class SslCertificateSocketFactoryDetector extends Detector
implements JavaPsiScanner {
private static final Implementation IMPLEMENTATION_JAVA = new Implementation(
SslCertificateSocketFactoryDetector.class,
Scope.JAVA_FILE_SCOPE);
public static final Issue CREATE_SOCKET = Issue.create(
"SSLCertificateSocketFactoryCreateSocket", //$NON-NLS-1$
"Insecure call to `SSLCertificateSocketFactory.createSocket()`",
"When `SSLCertificateSocketFactory.createSocket()` is called with an `InetAddress` " +
"as the first parameter, TLS/SSL hostname verification is not performed, which " +
"could result in insecure network traffic caused by trusting arbitrary " +
"hostnames in TLS/SSL certificates presented by peers. In this case, developers " +
"must ensure that the `InetAddress` is explicitly verified against the certificate " +
"through other means, such as by calling " +
"`SSLCertificateSocketFactory.getDefaultHostnameVerifier() to get a " +
"`HostnameVerifier` and calling `HostnameVerifier.verify()`.",
Category.SECURITY,
6,
Severity.WARNING,
IMPLEMENTATION_JAVA);
public static final Issue GET_INSECURE = Issue.create(
"SSLCertificateSocketFactoryGetInsecure", //$NON-NLS-1$
"Call to `SSLCertificateSocketFactory.getInsecure()`",
"The `SSLCertificateSocketFactory.getInsecure()` method returns " +
"an SSLSocketFactory with all TLS/SSL security checks disabled, which " +
"could result in insecure network traffic caused by trusting arbitrary " +
"TLS/SSL certificates presented by peers. This method should be " +
"avoided unless needed for a special circumstance such as " +
"debugging. Instead, `SSLCertificateSocketFactory.getDefault()` " +
"should be used.",
Category.SECURITY,
6,
Severity.WARNING,
IMPLEMENTATION_JAVA);
private static final String INET_ADDRESS_CLASS =
"java.net.InetAddress";
private static final String SSL_CERTIFICATE_SOCKET_FACTORY_CLASS =
"android.net.SSLCertificateSocketFactory";
// ---- Implements JavaScanner ----
@Override
public List getApplicableMethodNames() {
// Detect calls to potentially insecure SSLCertificateSocketFactory methods
return Arrays.asList("createSocket", "getInsecure");
}
@Override
public void visitMethod(@NonNull JavaContext context, @Nullable JavaElementVisitor visitor,
@NonNull PsiMethodCallExpression call, @NonNull PsiMethod method) {
if (context.getEvaluator().isMemberInSubClassOf(method,
SSL_CERTIFICATE_SOCKET_FACTORY_CLASS, false)) {
String methodName = method.getName();
if ("createSocket".equals(methodName)) {
PsiExpression[] args = call.getArgumentList().getExpressions();
if (args.length > 0) {
PsiType type = args[0].getType();
if (type != null
&& (INET_ADDRESS_CLASS.equals(type.getCanonicalText())
|| context.getEvaluator().extendsClass(((PsiClassType)type).resolve(),
INET_ADDRESS_CLASS, false))) {
context.report(CREATE_SOCKET, call, context.getLocation(call),
"Use of `SSLCertificateSocketFactory.createSocket()` " +
"with an InetAddress parameter can cause insecure " +
"network traffic due to trusting arbitrary hostnames in " +
"TLS/SSL certificates presented by peers");
}
}
} else if ("getInsecure".equals(methodName)) {
context.report(GET_INSECURE, call, context.getLocation(call),
"Use of `SSLCertificateSocketFactory.getInsecure()` can cause " +
"insecure network traffic due to trusting arbitrary TLS/SSL " +
"certificates presented by peers");
}
}
}
}
