
#288 [patch] Add Android application vulnerability detector

3.x
pending
nobody
patch (12)
5
2014-06-19
2013-06-03
Makito SHIOKAWA
No

Thank you for developing such wonderful software!
I think FindBugs can be an effective solution for detecting Android application vulnerabilities, and I made a patch for it.

  • Add some Android API signatures to the SQL Injection detector
  • Add a detector for possible implicit intent in an Android application
  • Add a detector for improper (not MODE_PRIVATE) file permission in an Android application

I would appreciate it if you could give me any comments on the patch implementation or make use of it.

Thanks,

1 Attachments

Discussion

  • William Pugh
    2013-11-15

    OK, I was able to apply the patch.
    But what we really need are examples of the kind of code the new detectors are trying to catch.

    Ideally, what we need are, for each kind of bug detected by the new detector, one method illustrating the code we want to detect, and another method illustrating the correct way to do it. The method containing the bug we want to detect should be annotated with @ExpectWarning("..."), and the one showing the right way to do it should be annotated @NoWarning("...").

     
  • Please provide test examples as requested by Bill.

     
    • labels: --> patch
    • status: open --> pending
    • Group: 3.0.0 --> 3.0.1
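
A sketch of the kind of test class requested above, covering the file-permission and implicit-intent detectors. This is an added example, not code from the attached patch or from FindBugs. The bug pattern names are placeholders because the ticket does not show the names the patch registers, and the class, file, and action names are constructed for illustration. It compiles against the Android SDK and the FindBugs annotations jar.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import edu.umd.cs.findbugs.annotations.ExpectWarning;
import edu.umd.cs.findbugs.annotations.NoWarning;
import java.io.FileOutputStream;
import java.io.IOException;

public class AndroidDetectorSamples {
    // Placeholders: substitute the bug pattern names the patch actually defines.
    static final String FILE_PERM = "PLACEHOLDER_ANDROID_FILE_PERMISSION";
    static final String IMPLICIT_INTENT = "PLACEHOLDER_ANDROID_IMPLICIT_INTENT";

    /** Constructed receiver used as the explicit target below. */
    public static class SessionReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context ctx, Intent intent) { /* consume token */ }
    }

    @ExpectWarning(FILE_PERM)
    void writeWorldReadable(Context ctx, byte[] token) throws IOException {
        // Mode is not MODE_PRIVATE: other apps on the device can read the file.
        try (FileOutputStream out =
                 ctx.openFileOutput("session.dat", Context.MODE_WORLD_READABLE)) {
            out.write(token);
        }
    }

    @NoWarning(FILE_PERM)
    void writePrivate(Context ctx, byte[] token) throws IOException {
        // MODE_PRIVATE restricts the file to this application's UID.
        try (FileOutputStream out =
                 ctx.openFileOutput("session.dat", Context.MODE_PRIVATE)) {
            out.write(token);
        }
    }

    @ExpectWarning(IMPLICIT_INTENT)
    void broadcastImplicit(Context ctx, String token) {
        // Action-only intent: any receiver that registers this action gets the extra.
        Intent i = new Intent("com.example.app.SESSION_UPDATED");
        i.putExtra("token", token);
        ctx.sendBroadcast(i);
    }

    @NoWarning(IMPLICIT_INTENT)
    void broadcastExplicit(Context ctx, String token) {
        // Explicit component: delivery is limited to SessionReceiver in this app.
        Intent i = new Intent(ctx, SessionReceiver.class);
        i.putExtra("token", token);
        ctx.sendBroadcast(i);
    }
}
```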