/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.tools.lint.checks;
import com.android.tools.lint.detector.api.Detector;
@SuppressWarnings("SpellCheckingInspection")
public class SecureRandomGeneratorDetectorTest extends AbstractCheckTest {
@Override
protected Detector getDetector() {
return new SecureRandomGeneratorDetector();
}
public void testWithoutWorkaround() throws Exception {
assertEquals(""
+ "src/test/pkg/PrngCalls.java:13: Warning: Potentially insecure random numbers "
+ "on Android 4.3 and older. Read "
+ "https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html"
+ " for more info. [TrulyRandom]\n"
+ " KeyGenerator generator = KeyGenerator.getInstance(\"AES\", \"BC\");\n"
+ " ~~~~~~~~~~~\n"
+ "0 errors, 1 warnings\n",
lintProject(
"bytecode/.classpath=>.classpath",
"bytecode/AndroidManifest.xml=>AndroidManifest.xml",
"bytecode/PrngCalls.java.txt=>src/test/pkg/PrngCalls.java",
"bytecode/PrngCalls.class.data=>bin/classes/test/pkg/PrngCalls.class"
));
}
public void testWithWorkaround() throws Exception {
assertEquals(
"No warnings.",
lintProject(
"bytecode/.classpath=>.classpath",
"bytecode/AndroidManifest.xml=>AndroidManifest.xml",
"bytecode/PrngCalls.java.txt=>src/test/pkg/PrngCalls.java",
"bytecode/PrngCalls.class.data=>bin/classes/test/pkg/PrngCalls.class",
"bytecode/PrngWorkaround$LinuxPRNGSecureRandom.class.data=>bin/classes/test/pkg/PrngWorkaround$LinuxPRNGSecureRandom.class",
"bytecode/PrngWorkaround$LinuxPRNGSecureRandomProvider.class.data=>bin/classes/test/pkg/PrngWorkaround$LinuxPRNGSecureRandomProvider.class",
"bytecode/PrngWorkaround.class.data=>bin/classes/test/pkg/PrngWorkaround.class"
));
}
public void testCipherInit() throws Exception {
assertEquals(""
+ "src/test/pkg/CipherTest1.java:11: Warning: Potentially insecure random "
+ "numbers on Android 4.3 and older. Read "
+ "https://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html"
+ " for more info. [TrulyRandom]\n"
+ " cipher.init(Cipher.WRAP_MODE, key); // FLAG\n"
+ " ~~~~\n"
+ "0 errors, 1 warnings\n",
lintProject(
"bytecode/.classpath=>.classpath",
"bytecode/AndroidManifest.xml=>AndroidManifest.xml",
"bytecode/CipherTest1.java.txt=>src/test/pkg/CipherTest1.java",
"bytecode/CipherTest1.class.data=>bin/classes/test/pkg/CipherTest1.class"
));
}
public void testGetArity() {
assertEquals(2, SecureRandomGeneratorDetector.getDescArity("(ILjava/security/Key;)V"));
assertEquals(0, SecureRandomGeneratorDetector.getDescArity("()V"));
assertEquals(1, SecureRandomGeneratorDetector.getDescArity("(I)V"));
assertEquals(3, SecureRandomGeneratorDetector.getDescArity(
"(Ljava/lang/String;Ljava/lang/String;I)V"));
assertEquals(0, SecureRandomGeneratorDetector.getDescArity("()Lfoo/bar/Baz;"));
}
}