Java: Add query for Sensitive Keyboard Cache #10684
Conversation
|
QHelp previews: java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelperrors/warnings: |
|
QHelp previews: java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelperrors/warnings: |
|
QHelp previews: java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelperrors/warnings: |
|
QHelp previews: java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelpAndroid sensitive keyboard cacheWhen a user enters information in a text input field on an Android application, their input is saved to a keyboard cache which provides autocomplete suggestions and predictions. There is a risk that sensitive user data, such as passwords or banking information, may be leaked to other applications via the keyboard cache. RecommendationFor input fields expected to accept sensitive information, use input types such as Optionally, instead of declaring an input type through XML, you can set the input type in your code using ExampleIn the following example, the field labeled BAD allows the password to be saved to the keyboard cache, whereas the field labeled GOOD uses the <?xml version="1.0" encoding="utf-8"?>
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto">
<!-- BAD: This password field uses the `text` input type, which allows the input to be saved to the keyboard cache. -->
<EditText
android:id="@+id/password_bad"
android:inputType="text"/>
<!-- GOOD: This password field uses the `textPassword` input type, which ensures that the input is not saved to the keyboard cache. -->
<EditText
android:id="@+id/password_good"
android:inputType="textPassword"/>
</LinearLayout>References
|
atorralba
left a comment
There was a problem hiding this comment.
This mostly looks good, I added some minor comments.
Other than that, have you considered that the input type could be added programmatically via setInputType? I'm curious about how many alerts raised by this query could be discarded because of this. If there are enough, it could might sense to handle it as well.
WDYT?
027a93b to
63bdd32
Compare
atorralba
left a comment
There was a problem hiding this comment.
Hey @joefarebrother thanks for working on this, I think it'll be a valuable addition. I added some more minor comments and a conceptual question, but otherwise this LGTM. If DCA and MRVA look good, we should ask for a docs review.
b8e0779 to
3242bbb
Compare
sabrowning1
left a comment
There was a problem hiding this comment.
👋🏼 @joefarebrother, thanks for your work on this! I've suggested a few small changes to the .qhelp file to align with our style guide. Let me know if you have any questions!
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
eae981f to
cc96037
Compare
sabrowning1
left a comment
There was a problem hiding this comment.
Looks good for Docs, thanks @joefarebrother! 👍🏼
Query that detects instances of sensitive information that could be saved into the keyboard cache.
Considers cases in which an input field declared is declared via XML with a name that indicates it may contain sensitive information, but its input type, as declared either in XML or in code, indicates that it is saved to the keyboard cache.