Missing encryption of sensitive data High

The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

Detector ID

kotlin/missing-encryption-of-sensitive-data@v1.0

Category

Security

Common Weakness Enumeration (CWE)

CWE-311

Tags

Noncompliant example

1// Noncompliant: The lack of proper data encryption
2fun noncompliant() {
3val config = RealmConfiguration.Builder().build()
4     val realm = Realm.getInstance(config) 
5}

Compliant example

1// Compliant: Proper data encryption
2fun compliant() {
3    val config = RealmConfiguration.Builder()
4    .encryptionKey(getKey())
5    .build()
6     val realm = Realm.getInstance(config)
7}

Q

Detector Library

Kotlin detectors (23/23)

Missing encryption of sensitive data High

Noncompliant example

Compliant example