From b3bd9e73c7e65f988d09be0c5003227efe3b07e4 Mon Sep 17 00:00:00 2001 From: Olivier Jaquemet Date: Wed, 26 Feb 2020 13:53:21 +0100 Subject: [PATCH] Fix #24 - Limit the extensibility of classes and methods Apply Guideline 4-5 / EXTEND-5: Limit the extensibility of classes and methods from the Secure Coding Guidelines for Java SE https://www.oracle.com/technetwork/java/seccodeguide-139067.html#4-5 --- .../java/dev/samstevens/totp/code/DefaultCodeGenerator.java | 2 +- src/main/java/dev/samstevens/totp/code/DefaultCodeVerifier.java | 2 +- .../dev/samstevens/totp/exceptions/CodeGenerationException.java | 2 +- .../dev/samstevens/totp/exceptions/QrGenerationException.java | 2 +- .../dev/samstevens/totp/exceptions/TimeProviderException.java | 2 +- src/main/java/dev/samstevens/totp/qr/QrData.java | 2 +- src/main/java/dev/samstevens/totp/qr/ZxingPngQrGenerator.java | 2 +- .../dev/samstevens/totp/recovery/RecoveryCodeGenerator.java | 2 +- .../java/dev/samstevens/totp/secret/DefaultSecretGenerator.java | 2 +- src/main/java/dev/samstevens/totp/time/NtpTimeProvider.java | 2 +- src/main/java/dev/samstevens/totp/time/SystemTimeProvider.java | 2 +- src/main/java/dev/samstevens/totp/util/Utils.java | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java b/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java index d83f893..5841caa 100644 --- a/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java +++ b/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java @@ -8,7 +8,7 @@ import java.security.InvalidParameterException; import java.security.NoSuchAlgorithmException; -public class DefaultCodeGenerator implements CodeGenerator { +public final class DefaultCodeGenerator implements CodeGenerator { private final HashingAlgorithm algorithm; private final int digits; diff --git a/src/main/java/dev/samstevens/totp/code/DefaultCodeVerifier.java b/src/main/java/dev/samstevens/totp/code/DefaultCodeVerifier.java index 7fdfd33..0aacb29 100644 --- a/src/main/java/dev/samstevens/totp/code/DefaultCodeVerifier.java +++ b/src/main/java/dev/samstevens/totp/code/DefaultCodeVerifier.java @@ -3,7 +3,7 @@ import dev.samstevens.totp.exceptions.CodeGenerationException; import dev.samstevens.totp.time.TimeProvider; -public class DefaultCodeVerifier implements CodeVerifier { +public final class DefaultCodeVerifier implements CodeVerifier { private final CodeGenerator codeGenerator; private final TimeProvider timeProvider; diff --git a/src/main/java/dev/samstevens/totp/exceptions/CodeGenerationException.java b/src/main/java/dev/samstevens/totp/exceptions/CodeGenerationException.java index 51b3d34..9154b76 100644 --- a/src/main/java/dev/samstevens/totp/exceptions/CodeGenerationException.java +++ b/src/main/java/dev/samstevens/totp/exceptions/CodeGenerationException.java @@ -1,6 +1,6 @@ package dev.samstevens.totp.exceptions; -public class CodeGenerationException extends Exception { +public final class CodeGenerationException extends Exception { public CodeGenerationException(String message, Throwable cause) { super(message, cause); } diff --git a/src/main/java/dev/samstevens/totp/exceptions/QrGenerationException.java b/src/main/java/dev/samstevens/totp/exceptions/QrGenerationException.java index 7a887c3..a57bdcc 100644 --- a/src/main/java/dev/samstevens/totp/exceptions/QrGenerationException.java +++ b/src/main/java/dev/samstevens/totp/exceptions/QrGenerationException.java @@ -1,6 +1,6 @@ package dev.samstevens.totp.exceptions; -public class QrGenerationException extends Exception { +public final class QrGenerationException extends Exception { public QrGenerationException(String message, Throwable cause) { super(message, cause); } diff --git a/src/main/java/dev/samstevens/totp/exceptions/TimeProviderException.java b/src/main/java/dev/samstevens/totp/exceptions/TimeProviderException.java index 77a0691..93fa319 100644 --- a/src/main/java/dev/samstevens/totp/exceptions/TimeProviderException.java +++ b/src/main/java/dev/samstevens/totp/exceptions/TimeProviderException.java @@ -1,6 +1,6 @@ package dev.samstevens.totp.exceptions; -public class TimeProviderException extends RuntimeException { +public final class TimeProviderException extends RuntimeException { public TimeProviderException(String message, Throwable cause) { super(message, cause); } diff --git a/src/main/java/dev/samstevens/totp/qr/QrData.java b/src/main/java/dev/samstevens/totp/qr/QrData.java index bc2b750..1d76333 100644 --- a/src/main/java/dev/samstevens/totp/qr/QrData.java +++ b/src/main/java/dev/samstevens/totp/qr/QrData.java @@ -7,7 +7,7 @@ import java.nio.charset.StandardCharsets; @SuppressWarnings("WeakerAccess") -public class QrData { +public final class QrData { private final String type; private final String label; diff --git a/src/main/java/dev/samstevens/totp/qr/ZxingPngQrGenerator.java b/src/main/java/dev/samstevens/totp/qr/ZxingPngQrGenerator.java index e292749..a0e4c42 100644 --- a/src/main/java/dev/samstevens/totp/qr/ZxingPngQrGenerator.java +++ b/src/main/java/dev/samstevens/totp/qr/ZxingPngQrGenerator.java @@ -8,7 +8,7 @@ import dev.samstevens.totp.exceptions.QrGenerationException; import java.io.ByteArrayOutputStream; -public class ZxingPngQrGenerator implements QrGenerator { +public final class ZxingPngQrGenerator implements QrGenerator { private final Writer writer; private int imageSize = 350; diff --git a/src/main/java/dev/samstevens/totp/recovery/RecoveryCodeGenerator.java b/src/main/java/dev/samstevens/totp/recovery/RecoveryCodeGenerator.java index 625405a..2030b85 100644 --- a/src/main/java/dev/samstevens/totp/recovery/RecoveryCodeGenerator.java +++ b/src/main/java/dev/samstevens/totp/recovery/RecoveryCodeGenerator.java @@ -6,7 +6,7 @@ import java.util.Arrays; import java.util.Random; -public class RecoveryCodeGenerator { +public final class RecoveryCodeGenerator { private Random random = new SecureRandom(); private Base32 codec = new Base32(); diff --git a/src/main/java/dev/samstevens/totp/secret/DefaultSecretGenerator.java b/src/main/java/dev/samstevens/totp/secret/DefaultSecretGenerator.java index 853a431..cdf99a7 100644 --- a/src/main/java/dev/samstevens/totp/secret/DefaultSecretGenerator.java +++ b/src/main/java/dev/samstevens/totp/secret/DefaultSecretGenerator.java @@ -4,7 +4,7 @@ import java.security.SecureRandom; @SuppressWarnings("WeakerAccess") -public class DefaultSecretGenerator implements SecretGenerator { +public final class DefaultSecretGenerator implements SecretGenerator { private final SecureRandom randomBytes = new SecureRandom(); private final static Base32 encoder = new Base32(); diff --git a/src/main/java/dev/samstevens/totp/time/NtpTimeProvider.java b/src/main/java/dev/samstevens/totp/time/NtpTimeProvider.java index 078b21e..bad5f06 100644 --- a/src/main/java/dev/samstevens/totp/time/NtpTimeProvider.java +++ b/src/main/java/dev/samstevens/totp/time/NtpTimeProvider.java @@ -6,7 +6,7 @@ import java.net.InetAddress; import java.net.UnknownHostException; -public class NtpTimeProvider implements TimeProvider { +public final class NtpTimeProvider implements TimeProvider { private final NTPUDPClient client; private final InetAddress ntpHost; diff --git a/src/main/java/dev/samstevens/totp/time/SystemTimeProvider.java b/src/main/java/dev/samstevens/totp/time/SystemTimeProvider.java index 3d01f78..9d9de85 100644 --- a/src/main/java/dev/samstevens/totp/time/SystemTimeProvider.java +++ b/src/main/java/dev/samstevens/totp/time/SystemTimeProvider.java @@ -3,7 +3,7 @@ import dev.samstevens.totp.exceptions.TimeProviderException; import java.time.Instant; -public class SystemTimeProvider implements TimeProvider { +public final class SystemTimeProvider implements TimeProvider { @Override public long getTime() throws TimeProviderException { return Instant.now().getEpochSecond(); diff --git a/src/main/java/dev/samstevens/totp/util/Utils.java b/src/main/java/dev/samstevens/totp/util/Utils.java index b7f72a5..77eef7c 100644 --- a/src/main/java/dev/samstevens/totp/util/Utils.java +++ b/src/main/java/dev/samstevens/totp/util/Utils.java @@ -2,7 +2,7 @@ import org.apache.commons.codec.binary.Base64; -public class Utils { +public final class Utils { private static Base64 base64Codec = new Base64(); // Class not meant to be instantiated