Merge with development

CONTRIBUTING.md

@@ -28,4 +28,3 @@ For example:
 <div align=center>
 :beers: <b>Thank you!</b> :beers:
 </div>
-

rules/arch/mstg-arch-9.java

@@ -1,3 +1,4 @@
+// ruleid: MSTG-ARCH-9
 public class SplashScreen extends AppCompatActivity {
     @Override
     public void onCreate(Bundle savedInstanceState) {
@@ -8,7 +9,7 @@ private void test(){
         //appUpdateManager.startUpdateFlowForResult(appUpdateInfo,AppUpdateType.IMMEDIATE,this,MY_REQUEST_CODE);
     }
 }
-
+// ok: MSTG-ARCH-9
 public class SplashScreen extends AppCompatActivity {
     @Override
     public void onCreate(Bundle savedInstanceState) {

rules/arch/mstg-arch-9.xml

@@ -1,52 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="50" android:versionName="1.7.0.50-int" android:compileSdkVersion="28" android:compileSdkVersionCodename="9" package="it.aci.informatica.acisign" platformBuildVersionCode="28" platformBuildVersionName="9">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="50" android:versionName="1.7.0.50-int" android:compileSdkVersion="28" android:compileSdkVersionCodename="9" package="com.myexample.test" platformBuildVersionCode="28" platformBuildVersionName="9">
     <uses-sdk android:minSdkVersion="22" android:targetSdkVersion="28"/>
-    <uses-permission android:name="android.permission.INTERNET"/>
-    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
-    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
-    <uses-permission android:name="android.permission.BLUETOOTH"/>
-    <uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>
-    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
-    <uses-permission android:name="android.permission.CAMERA"/>
-    <uses-permission android:name="com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY"/>
-    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
-    <application android:theme="@style/AppTheme" android:label="@string/app_name" android:icon="@mipmap/ic_launcher" android:name="it.aci.informatica.acisign.MyApplication" android:allowBackup="true" android:supportsRtl="true" android:networkSecurityConfig="@xml/network_security_config" android:roundIcon="@mipmap/ic_launcher_round" android:appComponentFactory="androidx.core.app.CoreComponentFactory">
-        <activity android:theme="@style/SplashTheme" android:name="it.aci.informatica.acisign.SplashScreen" android:screenOrientation="sensorLandscape">
-
+    <application android:theme="@style/AppTheme" android:label="@string/app_name" android:icon="@mipmap/ic_launcher" android:name="com.myexample.test.MyApplication" android:allowBackup="true" android:supportsRtl="true" android:networkSecurityConfig="@xml/network_security_config" android:roundIcon="@mipmap/ic_launcher_round" android:appComponentFactory="androidx.core.app.CoreComponentFactory">
+        <activity android:theme="@style/SplashTheme" android:name="com.myexample.test.SplashScreen" android:screenOrientation="sensorLandscape">
             <intent-filter>
-
                 <action android:name="android.intent.action.MAIN"/>
-
                 <category android:name="android.intent.category.LAUNCHER"/>
-
             </intent-filter>
         </activity>
-        <activity android:name="it.aci.informatica.acisign.ui.MainActivity" android:screenOrientation="sensorLandscape"/>
-        <service android:label="BLE Sync Service" android:name="it.adt.bluetooth.core.service.BLEService" android:enabled="true" android:exported="false"/>
-        <service android:name="com.guardsquare.dexguard.runtime.detection.RootDetectorService" android:enabled="true" android:process=":dgWebView" android:isolatedProcess="true"/>
-        <activity android:theme="@style/Dexter.Internal.Theme.Transparent" android:name="com.karumi.dexter.DexterActivity"/>
-        <activity android:name="it.agimobile.core.AGIGraphometricViewActivity">
-            <intent-filter>
-                <action android:name="android.intent.action.MAIN"/>
-            </intent-filter>
-        </activity>
-        <activity android:name="it.adt.graphometric.ui.ADTGraphometricViewActivity">
-            <intent-filter>
-                <action android:name="android.intent.action.MAIN"/>
-            </intent-filter>
-        </activity>
-        <service android:name="androidx.room.MultiInstanceInvalidationService" android:exported="false" android:directBootAware="true"/>
-        <service android:name="com.google.firebase.components.ComponentDiscoveryService" android:exported="false" android:directBootAware="true">
-            <meta-data android:name="com.google.firebase.components:com.google.firebase.crashlytics.CrashlyticsRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
-            <meta-data android:name="com.google.firebase.components:com.google.firebase.installations.FirebaseInstallationsRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
-        </service>
-        <provider android:name="com.google.firebase.provider.FirebaseInitProvider" android:exported="false" android:authorities="it.aci.informatica.acisign.firebaseinitprovider" android:initOrder="100" android:directBootAware="true"/>
-        <meta-data android:name="com.google.android.gms.version" android:value="@integer/google_play_services_version"/>
-        <provider android:name="androidx.lifecycle.ProcessLifecycleOwnerInitializer" android:exported="false" android:multiprocess="true" android:authorities="it.aci.informatica.acisign.lifecycle-process"/>
-        <service android:name="com.google.android.datatransport.runtime.backends.TransportBackendDiscovery" android:exported="false">
-            <meta-data android:name="backend:com.google.android.datatransport.cct.CctBackendFactory" android:value="cct"/>
-        </service>
-        <service android:name="com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService" android:permission="android.permission.BIND_JOB_SERVICE" android:exported="false"/>
-        <receiver android:name="com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver" android:exported="false"/>
     </application>
 </manifest>

rules/auth/mstg-auth-8.java

@@ -2,7 +2,6 @@
 import android.hardware.fingerprint.FingerprintManager;
 import android.hardware.fingerprint.FingerprintManagerCompat;
 
-
 public class MainActivity extends AppCompatActivity {
     @Override
     public void onCreate(Bundle savedInstanceState) {
@@ -16,6 +15,7 @@ private void test_vulnBiometricPrompt() {
         // Vulnerable BiometricPrompt
         //[...]
         biometricPrompt = new BiometricPrompt(MainActivity.this, executor, new BiometricPrompt.AuthenticationCallback() {
+            // ruleid: MSTG-AUTH-8
             @Override
             public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) {
                 //Does not use the CryptoObject from result
@@ -38,11 +38,8 @@ public void onAuthenticationFailed() {
         });
     }
 
-
-
-    private void test_vulnFingerprintManager() {
-        // Vulnerable FingerprintManager
-        //[...]
+    // Vulnerable FingerprintManager
+    //[...]
         public void Authentication(FingerprintManager manager, FingerprintManager.CryptoObject cryptoObject) {
             CancellationSignal cancellationSignal = new CancellationSignal();
             if (ActivityCompat.checkSelfPermission(context, Manifest.permission.USE_FINGERPRINT) != PackageManager.PERMISSION_GRANTED) {
@@ -55,7 +52,7 @@ public void Authentication(FingerprintManager manager, FingerprintManager.Crypto
         public void onAuthenticationFailed() {
             this.update("Authentication Failed!!!", false);
         }
-
+        // ruleid: MSTG-AUTH-8
         @Override
         public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
             //Does not use the CryptoObject from result
@@ -69,10 +66,8 @@ public void update(String e, Boolean success){
                 textView.setTextColor(ContextCompat.getColor(context,R.color.black));
             }
         }
-    }
-
-
-
+    //[...]
+
     private void test_vulnFingerprintManagerCompat() {
         // Vulnerable FingerprintManagerCompat
         //[...]
@@ -95,7 +90,7 @@ public void onAuthenticationFailed() {
                 showFingerprintError(LocaleController.getString("FingerprintNotRecognized",
                         R.string.FingerprintNotRecognized));
             }
-
+            // ruleid: MSTG-AUTH-8
             @Override
             public void onAuthenticationSucceeded(FingerprintManagerCompat.AuthenticationResult result) {
                 try {
@@ -112,13 +107,11 @@ public void onAuthenticationSucceeded(FingerprintManagerCompat.AuthenticationRes
         }, null);
     }
 
-
-
-
     private void test_goodBiometricPrompt() {
         // Good BiometricPrompt
         //[...]
         biometricPrompt = new BiometricPrompt(MainActivity.this, executor, new BiometricPrompt.AuthenticationCallback() {
+            // ok: MSTG-AUTH-8
             @Override
             public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) {
                 //Uses the CryptoObject from result
@@ -150,7 +143,4 @@ public void onAuthenticationFailed() {
             }
         });
     }
-
-
-
-}
+}

rules/auth/mstg-auth-8.yaml

@@ -18,17 +18,17 @@ rules:
       - pattern-either:
           - patterns:
               - pattern-inside: |
-                  $RET  onAuthenticationSucceeded(FingerprintManager.AuthenticationResult $RES) {
+                  $RET onAuthenticationSucceeded(FingerprintManager.AuthenticationResult $RES) {
                     ...
                   }
           - patterns:
               - pattern-inside: |
-                  $RET  onAuthenticationSucceeded(FingerprintManagerCompat.AuthenticationResult $RES) {
+                  $RET onAuthenticationSucceeded(FingerprintManagerCompat.AuthenticationResult $RES) {
                     ...
                   }
           - patterns:
               - pattern-inside: |
-                  $RET  onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult $RES) {
+                  $RET onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult $RES) {
                     ...
                   }
       - pattern-not-inside: |

rules/code/mstg-code-2.xml

@@ -11,8 +11,10 @@
     <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
     <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
 
+
     <application
         android:allowBackup="true"
+        <!-- ruleid: MSTG-CODE-2 -->
         android:debuggable="true"
         android:icon="@drawable/ic_launcher"
         android:label="@string/app_name"
@@ -30,4 +32,4 @@
     <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
     <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
 
-</manifest>
+</manifest>

rules/code/mstg-code-2.yaml

@@ -2,7 +2,7 @@ rules:
   - id: MSTG-CODE-2
     severity: WARNING
     languages:
-      - generic
+      - xml
     metadata:
       authors:
         - Martino Lessio @mlessio (IMQ Minded Security)
@@ -18,5 +18,5 @@ rules:
       include:
         - "**/AndroidManifest.xml"
     patterns:
-      - pattern-inside: <application ... />
+      - pattern-inside: <application ... > ... </application>
       - pattern: android:debuggable="true"

rules/code/mstg-code-3.gradle

@@ -34,6 +34,7 @@ android {
 
     externalNativeBuild {
         cmake {
+            // ruleid: MSTG-CODE-3
             cppFlags "-fvisibility=hidden"
         }
     }
@@ -42,4 +43,4 @@ android {
 
 dependencies {
     // some dependencies
-}
+}

rules/code/mstg-code-3.yaml

@@ -18,5 +18,5 @@ rules:
       include:
         - "**/build.gradle"
     patterns:
-      - pattern-regex: externalNativeBuild(.|\n)*
-      - pattern-not-regex: \-fvisibility=hidden(.|\n)*
+      - pattern-inside: externalNativeBuild{ ... }
+      - pattern: -fvisibility=hidden

rules/code/mstg-code-4.java

@@ -1,11 +1,13 @@
 public class A{
     public void onCreate() {
+        // ruleid: MSTG-CODE-4
         StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder()
                 .detectDiskReads()
                 .detectDiskWrites()
                 .detectNetwork()
                 .penaltyLog()
                 .build());
+        // ruleid: MSTG-CODE-4
         StrictMode.setVmPolicy(new StrictMode.VmPolicy.Builder()
                 .detectLeakedSqlLiteObjects()
                 .detectLeakedClosableObjects()

rules/code/mstg-code-8.1.java

@@ -2,11 +2,34 @@ public class BroadcastReceiverLeakActivity extends AppCompatActivity {
 
     private BroadcastReceiver broadcastReceiver;
 
+    private void registerBroadCastReceiver() {
+        broadcastReceiver = new BroadcastReceiver() {
+            @Override
+            public void onReceive(Context context, Intent intent) {
+                //your receiver code goes here!
+            }
+        };
+        // ruleid: MSTG-CODE-8.1
+        registerReceiver(broadcastReceiver, new IntentFilter("SmsMessage.intent.MAIN"));
+    }
+
     @Override
-    protected void onCreate(@Nullable Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        setContentView(R.layout.activity_first);
+    protected void onStart() {
+        super.onStart();
+        registerBroadCastReceiver();
+    }    
+
+    @Override
+    protected void onStop() {
+        super.onStop();
+        if(broadcastReceiver != null) {
+            //unregisterReceiver(broadcastReceiver);
+        }
     }
+}
+public class BroadcastReceiverLeakActivity2 extends AppCompatActivity {
+
+    private BroadcastReceiver broadcastReceiver;
 
     private void registerBroadCastReceiver() {
         broadcastReceiver = new BroadcastReceiver() {
@@ -15,6 +38,7 @@ public void onReceive(Context context, Intent intent) {
                 //your receiver code goes here!
             }
         };
+        // ok: MSTG-CODE-8.1
         registerReceiver(broadcastReceiver, new IntentFilter("SmsMessage.intent.MAIN"));
     }
 
@@ -27,9 +51,8 @@ protected void onStart() {
     @Override
     protected void onStop() {
         super.onStop();
-
         if(broadcastReceiver != null) {
-            //unregisterReceiver(broadcastReceiver);
+            unregisterReceiver(broadcastReceiver);
         }
     }
-}
+}

rules/code/mstg-code-8.2.java

@@ -1,6 +1,10 @@
 public class StaticReferenceLeakActivity extends AppCompatActivity {
+    // ruleid: MSTG-CODE-8.2
     private static TextView textView;
+    // ruleid: MSTG-CODE-8.2
     private static Activity activity;
+    // ok: MSTG-CODE-8.2
+    private static String a;
 
     @Override
     protected void onCreate(@Nullable Bundle savedInstanceState) {
@@ -12,4 +16,4 @@ protected void onCreate(@Nullable Bundle savedInstanceState) {
 
         activity = this;
     }
-}
+}

rules/code/mstg-code-8.3.java

@@ -10,7 +10,7 @@ protected void onCreate(@Nullable Bundle savedInstanceState) {
          leakyClass = new LeakyClass(this);
          leakyClass.redirectToSecondScreen();
     }
-
+    // ruleid: MSTG-CODE-8.3
     private class LeakyClass {
 
         private Activity activity;
@@ -25,9 +25,10 @@ public void redirectToSecondScreen() {
 }
 
 public class T{
+    // ruleid: MSTG-CODE-8.3
     public class C{
         private void set(Activity a){
             int b = 3;
         }
     }
-}
+}

rules/code/mstg-code-8.4.java

@@ -3,9 +3,9 @@ public class MainActivity extends Activity {
    public void onCreate(Bundle savedInstanceState) {
       super.onCreate(savedInstanceState);
       Context context = getApplicationContext();
-      // KO
+      // ruleid: MSTG-CODE-8.4
       Toast.makeText(this, message, Toast.LENGTH_LONG).show();
-      // OK
+      // ok: MSTG-CODE-8.4
       Toast.makeText(context, message, Toast.LENGTH_LONG).show();
    }
-}
+}

rules/code/mstg-code-8.5.java

@@ -18,11 +18,11 @@ private void createThread() {
     private void redirectToNewScreen() {
         startActivity(new Intent(this, SecondActivity.class));
     }
-
+    // ruleid: MSTG-CODE-8.5
     private class LeakyThread extends Thread {
         @Override
         public void run() {
             while (true) {
             }
         }
-    }
+    }