我在AndridManifest文件中有以下代码
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
Checkmarx已将此声明标识为“无法实现最低特权”,我想解决此问题。
Checkmarx已将此声明标识为“无法实现最低特权”,我想解决此问题。
这是我的代码: void onGPSClick(){ 最终上下文上下文= this;
//Here, thisActivity is the current activity
if (ContextCompat.checkSelfPermission(ReportGovernmentActivity.this,
Manifest.permission.ACCESS_COARSE_LOCATION)
!= PackageManager.PERMISSION_GRANTED ) {
if (ActivityCompat.shouldShowRequestPermissionRationale(ReportGovernmentActivity.this,
Manifest.permission.ACCESS_COARSE_LOCATION)) {
ActivityCompat.requestPermissions(ReportGovernmentActivity.this,
new String[]{Manifest.permission.ACCESS_COARSE_LOCATION},
MY_PERMISSIONS_REQUEST_READ_CONTACTS);
/*
new AlertDialog.Builder(ReportGovernmentActivity.this)
.setMessage("Turn on location permissions to get relevant information!")
.setPositiveButton("OK", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
ActivityCompat.requestPermissions(ReportGovernmentActivity.this,
new String[]{Manifest.permission.ACCESS_COARSE_LOCATION},
MY_PERMISSIONS_REQUEST_READ_CONTACTS);
}
})
.setNegativeButton("No", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
finish();
}
})
.show();
*/
} else {
ActivityCompat.requestPermissions(ReportGovernmentActivity.this,
new String[]{Manifest.permission.ACCESS_COARSE_LOCATION, Manifest.permission.READ_EXTERNAL_STORAGE},
MY_PERMISSIONS_REQUEST_READ_CONTACTS);
}
}else {
providerLocation();
}
}
@Override
public void onRequestPermissionsResult(int requestCode, String permissions[], int[] grantResults) {
switch (requestCode) {
case MY_PERMISSIONS_REQUEST_READ_CONTACTS: {
// If request is cancelled, the result arrays are empty.
if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
providerLocation();
// permission was granted, yay! Do the
// contacts-related task you need to do.
} else {
finish();
// permission denied, boo! Disable the
// functionality that depends on this permission.
}
return;
}
// other 'case' lines to check for other
// permissions this app might request
}
}
public void providerLocation() {
if (isLocationEnabled(this)) {
final RxPermissions rxPermissions = new RxPermissions(this);
final ReactiveLocationProvider locationProvider = new ReactiveLocationProvider(this);
rxPermissions.request(Manifest.permission.ACCESS_COARSE_LOCATION)
.flatMap(new Func1<Boolean, Observable<Location>>() {
@Override
public Observable<Location> call(Boolean aBoolean) {
try {
return locationProvider.getUpdatedLocation(LocationRequest.create())
.take(1);
} catch (SecurityException e) {
throw e;
}
}
})
.flatMap(new Func1<Location, Observable<List<Address>>>() {
@Override
public Observable<List<Address>> call(Location location) {
return locationProvider
.getReverseGeocodeObservable(location.getLatitude(), location.getLongitude(), 1);
}
})
.map(new Func1<List<Address>, String>() {
@Override
public String call(List<Address> addresses) {
return addresses.size() > 0 ? addresses.get(0).getAddressLine(0) : "";
}
})
.observeOn(AndroidSchedulers.mainThread())
.subscribe(new Action1<String>() {
@Override
public void call(String addresses) {
locationView.setText(addresses);
}
}, new Action1<Throwable>() {
@Override
public void call(Throwable e) {
Toast.makeText(ReportGovernmentActivity.this, "Positioning failure", Toast.LENGTH_SHORT).show();
}
});
} else {
Toast.makeText(this, "Please turn on location services!", Toast.LENGTH_SHORT).show();
final Intent intent = new Intent( Settings.ACTION_LOCATION_SOURCE_SETTINGS);
startActivity(intent);
}
}
答案 0 :(得分:0)
忽略此警报!您重新使用权限的方式没有任何问题!警报是误报。 我发现Checkmarx是一种可怕的安全工具,大部分会产生误报。他们只需要在安全扫描报告中显示一些内容即可证明其许可证费用合理。
答案 1 :(得分:0)
我想解释一下为什么得到这个结果,而不是说是个好工具还是坏工具。
扫描Android应用程序时,SAST工具的主要部分会报告所有权限。这基于最低使用率策略。该工具报告所有权限,但是在每种特定情况下,安全团队都有责任检查所报告的内容是否确实必要。