/*
* Copyright (C) 2011 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.tools.lint.checks;
import com.android.tools.lint.detector.api.Detector;
/**
 * Golden-output tests for {@link SecurityDetector}.
 *
 * <p>Each test maps a fixture onto a project file ({@code fixture=>target}), runs lint over
 * the resulting project and compares the complete textual report. The reports below show the
 * issue ids exercised here: ExportedService, ExportedActivity, ExportedReceiver,
 * ExportedContentProvider, GrantAllUris, WorldReadableFiles and WorldWriteableFiles.
 *
 * <p>The comparison is exact, including line numbers and the caret/tilde underline, so a
 * change to a fixture or to the detector's message text must be mirrored here. The
 * "No warnings." cases matter as much as the positive ones: they pin down the
 * configurations (a permission on the component or on the parent application element, no
 * intent-filters, standard actions) that must not be reported.
 */
@SuppressWarnings("javadoc")
public class SecurityDetectorTest extends AbstractCheckTest {
    /** String resources shipped alongside most manifest fixtures. */
    private static final String STRINGS_XML = "res/values/strings.xml";

    /** Report text when lint finds nothing to flag. */
    private static final String NO_WARNINGS = "No warnings.";

    /** Report shared by every test that expects one exported, unprotected service. */
    private static final String EXPORTED_SERVICE_REPORT =
            "AndroidManifest.xml:12: Warning: Exported service does not require permission [ExportedService]\n"
            + " <service\n"
            + " ^\n"
            + "0 errors, 1 warnings\n";

    /** Report shared by every test that expects one exported, unprotected activity. */
    private static final String EXPORTED_ACTIVITY_REPORT =
            "AndroidManifest.xml:12: Warning: Exported activity does not require permission [ExportedActivity]\n"
            + " <activity\n"
            + " ^\n"
            + "0 errors, 1 warnings\n";

    /** Report shared by every test that expects one exported, unprotected receiver. */
    private static final String EXPORTED_RECEIVER_REPORT =
            "AndroidManifest.xml:12: Warning: Exported receiver does not require permission [ExportedReceiver]\n"
            + " <receiver\n"
            + " ^\n"
            + "0 errors, 1 warnings\n";

    /** Supplies the detector under test to the shared lint test harness. */
    @Override
    protected Detector getDetector() {
        return new SecurityDetector();
    }

    // ---- Services ----

    /** exportservice1.xml must yield exactly one ExportedService warning on manifest line 12. */
    public void testBroken() throws Exception {
        String report = lintProject(
                "exportservice1.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_SERVICE_REPORT, report);
    }

    /** exportservice2.xml must yield the same single ExportedService warning. */
    public void testBroken2() throws Exception {
        String report = lintProject(
                "exportservice2.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_SERVICE_REPORT, report);
    }

    /**
     * The fixture does not set exported, but the service has intent-filters; it is still
     * reported as an exported service without a permission.
     */
    public void testBroken3() throws Exception {
        String report = lintProject(
                "exportservice5.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_SERVICE_REPORT, report);
    }

    /** A permission declared on the {@code <service>} element itself silences the check. */
    public void testOk1() throws Exception {
        String report = lintProject(
                "exportservice3.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** A permission declared on the parent {@code <application>} element also silences it. */
    public void testOk2() throws Exception {
        String report = lintProject(
                "exportservice4.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    // ---- Content providers ----

    /**
     * Both {@code <grant-uri-permission>} forms that cover the root path ({@code path="/"}
     * and {@code pathPrefix="/"}) must be flagged as GrantAllUris.
     */
    public void testUri() throws Exception {
        String expected =
                "AndroidManifest.xml:25: Warning: Content provider shares everything; this is potentially dangerous. [GrantAllUris]\n"
                + " <grant-uri-permission android:path=\"/\"/>\n"
                + " ~~~~~~~~~~~~~~~~\n"
                + "AndroidManifest.xml:26: Warning: Content provider shares everything; this is potentially dangerous. [GrantAllUris]\n"
                + " <grant-uri-permission android:pathPrefix=\"/\"/>\n"
                + " ~~~~~~~~~~~~~~~~~~~~~~\n"
                + "0 errors, 2 warnings\n";
        String report = lintProject(
                "grantpermission.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(expected, report);
    }

    /** exportprovider1.xml has two exported content providers with no permissions. */
    public void testContentProvider1() throws Exception {
        String expected =
                "AndroidManifest.xml:14: Warning: Exported content providers can provide access to potentially sensitive data [ExportedContentProvider]\n"
                + " <provider\n"
                + " ^\n"
                + "AndroidManifest.xml:20: Warning: Exported content providers can provide access to potentially sensitive data [ExportedContentProvider]\n"
                + " <provider\n"
                + " ^\n"
                + "0 errors, 2 warnings\n";
        String report = lintProject(
                "exportprovider1.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(expected, report);
    }

    /** exportprovider2.xml has no un-permissioned exported content providers. */
    public void testContentProvider2() throws Exception {
        String report = lintProject(
                "exportprovider2.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    // ---- File modes ----

    /**
     * Despite its name, this covers both file-mode checks: MODE_WORLD_READABLE and
     * MODE_WORLD_WRITEABLE are each reported for openFileOutput and getSharedPreferences,
     * four warnings in total.
     */
    public void testWorldWriteable() throws Exception {
        String expected =
                "src/test/pkg/WorldWriteableFile.java:26: Warning: Using MODE_WORLD_READABLE when creating files can be risky, review carefully [WorldReadableFiles]\n"
                + " out = openFileOutput(mFile.getName(), MODE_WORLD_READABLE);\n"
                + " ~~~~~~~~~~~~~~~~~~~\n"
                + "src/test/pkg/WorldWriteableFile.java:31: Warning: Using MODE_WORLD_READABLE when creating files can be risky, review carefully [WorldReadableFiles]\n"
                + " prefs = getSharedPreferences(mContext, MODE_WORLD_READABLE);\n"
                + " ~~~~~~~~~~~~~~~~~~~\n"
                + "src/test/pkg/WorldWriteableFile.java:25: Warning: Using MODE_WORLD_WRITEABLE when creating files can be risky, review carefully [WorldWriteableFiles]\n"
                + " out = openFileOutput(mFile.getName(), MODE_WORLD_WRITEABLE);\n"
                + " ~~~~~~~~~~~~~~~~~~~~\n"
                + "src/test/pkg/WorldWriteableFile.java:30: Warning: Using MODE_WORLD_WRITEABLE when creating files can be risky, review carefully [WorldWriteableFiles]\n"
                + " prefs = getSharedPreferences(mContext, MODE_WORLD_WRITEABLE);\n"
                + " ~~~~~~~~~~~~~~~~~~~~\n"
                + "0 errors, 4 warnings\n";
        // The Java fixture is stored with a .txt suffix in the source tree and is mapped
        // back to its .java name for the lint run.
        String report = lintProject(
                "src/test/pkg/WorldWriteableFile.java.txt=>src/test/pkg/WorldWriteableFile.java");
        assertEquals(expected, report);
    }

    // ---- Activities ----

    /** Activities without intent-filters need no warning. */
    public void testActivity0() throws Exception {
        String report = lintProject(
                "exportactivity0.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** exportactivity1.xml must yield exactly one ExportedActivity warning on line 12. */
    public void testActivity1() throws Exception {
        String report = lintProject(
                "exportactivity1.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_ACTIVITY_REPORT, report);
    }

    /** A permission declared on the {@code <activity>} element itself silences the check. */
    public void testActivity2() throws Exception {
        String report = lintProject(
                "exportactivity2.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** A permission declared on the parent {@code <application>} element also silences it. */
    public void testActivity3() throws Exception {
        String report = lintProject(
                "exportactivity3.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** The fixture does not set exported, but intent-filters are present: still reported. */
    public void testActivity4() throws Exception {
        String report = lintProject(
                "exportactivity4.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_ACTIVITY_REPORT, report);
    }

    // ---- Broadcast receivers ----

    /**
     * Expects no warning for exportreceiver0.xml. NOTE(review): the original comment spoke
     * of activities without intent-filters; presumably the receiver counterpart of
     * testActivity0 - confirm against the fixture.
     */
    public void testReceiver0() throws Exception {
        String report = lintProject(
                "exportreceiver0.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** exportreceiver1.xml must yield exactly one ExportedReceiver warning on line 12. */
    public void testReceiver1() throws Exception {
        String report = lintProject(
                "exportreceiver1.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_RECEIVER_REPORT, report);
    }

    /**
     * Expects no warning for exportreceiver2.xml. NOTE(review): the original comment named
     * the {@code <activity>} element; presumably the permission sits on the
     * {@code <receiver>} element - confirm against the fixture.
     */
    public void testReceiver2() throws Exception {
        String report = lintProject(
                "exportreceiver2.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** A permission declared on the parent {@code <application>} element silences the check. */
    public void testReceiver3() throws Exception {
        String report = lintProject(
                "exportreceiver3.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /** The fixture does not set exported, but intent-filters are present: still reported. */
    public void testReceiver4() throws Exception {
        String report = lintProject(
                "exportreceiver4.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(EXPORTED_RECEIVER_REPORT, report);
    }

    /** An intent filter for a standard Android action must not be reported. */
    public void testReceiver5() throws Exception {
        String report = lintProject(
                "exportreceiver5.xml=>AndroidManifest.xml",
                STRINGS_XML);
        assertEquals(NO_WARNINGS, report);
    }

    /**
     * Various regression tests for
     * http://code.google.com/p/android/issues/detail?id=33976; the fixture must stay free
     * of warnings. Unlike the other manifest tests, no strings.xml is supplied.
     */
    public void testStandard() throws Exception {
        String report = lintProject("exportreceiver6.xml=>AndroidManifest.xml");
        assertEquals(NO_WARNINGS, report);
    }
}