Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CrySL Rule for KeyGenParameterSpec #127

Open
kruegers opened this issue Dec 11, 2017 · 1 comment
Open

CrySL Rule for KeyGenParameterSpec #127

kruegers opened this issue Dec 11, 2017 · 1 comment
Labels
CrySL enhancement FIX GEN SAST

Comments

@kruegers
Copy link
Member

Look at the class KeyGenParameterSpec[1] and create a CrySL rule for it
This article is a good starting point for a general overview: https://medium.com/@ericfu/securely-storing-secrets-in-an-android-application-501f030ae5a3

[1] https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html
@shahrzadav
Copy link
Contributor

The name of this class in CrySL must be android.security.keystore.KeyGenParameterSpec.Builder. Without the Builder at the end. the set methods (e.g. setKeySize) throw an error (Couldn't resolve reference to JvmExecutable 'setKeySize'.) cause they are not in KeyGenParameterSpec class but in the builder. On the other hand, when using this class in a project, it will be imported as android.security.keystore.KeyGenParameterSpec, and when analysing by SAST it does not consider it as a used rule cause the rule SPEC name is, android.security.keystore.KeyGenParameterSpec.Builder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CrySL enhancement FIX GEN SAST
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kruegers @shahrzadav