Added Kotlin detector lib cases

kotlin/src/detectors/accessing-android-external-storage/compliant.kt

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cleartext-storage-of-sensitive-information@v1.0 defects=0}
+// Compliant: `context.getExternalFilesDir` is not from Context object
+fun compliant(context : ContextOther) {
+   context.getExternalFilesDir("filepath")
+}
+// {/fact}

kotlin/src/detectors/accessing-android-external-storage/non-compliant.kt

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cleartext-storage-of-sensitive-information@v1.0 defects=1}
+// Noncompliant: `context.getExternalFilesDir` returns absolute path to the directory on the primary shared/external storage device
+fun noncompliant(context : Context) {
+   context.getExternalFilesDir("filepath://")
+}
+// {/fact}

kotlin/src/detectors/anonymous-ldap-bind/compliant.kt

@@ -0,0 +1,12 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-authentication@v1.0 defects=0}
+// Compliant: Enforcing authentication for LDAP statements
+fun compliant(env: Environment): Void {
+    env.put(Context.SECURITY_AUTHENTICATION, "simple")
+    val ctx: DirContext = InitialDirContext(env)
+}
+// {/fact}

kotlin/src/detectors/anonymous-ldap-bind/non-compliant.kt

@@ -0,0 +1,12 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-authentication@v1.0 defects=1}
+// Noncompliant: Permiting anonymous users to execute LDAP statements
+fun noncompliant(env: Environment): Void {
+    env.put(Context.SECURITY_AUTHENTICATION, "none")
+    val ctx: DirContext = InitialDirContext(env)
+}
+// {/fact}

kotlin/src/detectors/bad-hexa-conversion/compliant.kt

@@ -0,0 +1,19 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=incorrect-type-conversion@v1.0 defects=0}
+// Compliant: Using `String.format(\"%02X\",...)` which does not creates weak hash
+fun compliant(password: String): String {
+    val md: MessageDigest = MessageDigest.getInstance("SHA-1")
+    val resultBytes: Array<Byte> = md.digest(password.getBytes("UTF-8"))
+
+    var stringBuilder: StringBuilder = StringBuilder()
+    for (b in resultBytes) {
+        stringBuilder.append(String.format("%02X", b))
+    }
+
+    return stringBuilder.toString()
+}
+// {/fact}

kotlin/src/detectors/bad-hexa-conversion/non-compliant.kt

@@ -0,0 +1,19 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=incorrect-type-conversion@v1.0 defects=1}
+// Noncompliant: Using `Integer.toHexString()` which creates weak hash
+fun noncompliant(password: String): String {
+    val md: MessageDigest = MessageDigest.getInstance("SHA-1")
+    val resultBytes: Array<Byte> = md.digest(password.getBytes("UTF-8"))
+
+    var stringBuilder: StringBuilder = StringBuilder()
+    for (b in resultBytes) {
+        stringBuilder.append(Integer.toHexString(b and 0xFF))
+    }
+
+    return stringBuilder.toString()
+}
+// {/fact}

kotlin/src/detectors/biometric-authentication/compliant.kt

@@ -0,0 +1,16 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-authentication@v1.0 defects=0}
+// Compliant: Used the cryptographic operation with biometric authentication by using a CryptoObject
+fun compliant() {
+   val biometricPrompt: BiometricPrompt = BiometricPrompt(this, executor, callback)
+    val cipher = getCipher()
+    val secretKey = getSecretKey()
+    cipher.init(Cipher.ENCRYPT_MODE, secretKey)
+    biometricPrompt.authenticate(promptInfo,
+    BiometricPrompt.CryptoObject(cipher))
+}
+// {/fact}

kotlin/src/detectors/biometric-authentication/non-compliant.kt

@@ -0,0 +1,12 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-authentication@v1.0 defects=1}
+// Noncompliant: Not used the cryptographic operation with biometric authentication.
+fun noncompliant() {
+    val biometricPrompt: BiometricPrompt = BiometricPrompt(this, executor, callback)    
+    biometricPrompt.authenticate(promptInfo)
+}
+// {/fact}

kotlin/src/detectors/broadcasting-intents-is-security-sensitive/compliant.kt

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-export-of-android-app-components@v1.0 defects=0}
+// Compliant: Access to broadcasting intents should be limited
+fun compliant(intent: Intent, context: Context, broadcastPermission: String) {
+    context.sendBroadcast(intent, broadcastPermission) 
+}
+// {/fact}

kotlin/src/detectors/broadcasting-intents-is-security-sensitive/non-compliant.kt

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-export-of-android-app-components@v1.0 defects=1}
+// Noncompliant: Broadcasted intents are available to all applications
+fun noncompliant(intent: Intent, context: Context,) {
+    context.sendBroadcast(intent) 
+}
+// {/fact}

kotlin/src/detectors/clear-text-protocol/compliant.kt

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=insecure-connection@v1.0 defects=0}
+// Compliant: Using clear-text protocols such as `ftps` which is secure
+fun compliant() {
+    val ftpsClient = FTPSClient(true);
+}
+// {/fact}

kotlin/src/detectors/clear-text-protocol/non-compliant.kt

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=insecure-connection@v1.0 defects=1}
+// Noncompliant: Using clear-text protocols such as `ftp` which is insecure
+fun noncompliant() {
+    val ftpClient = FTPClient(); // Sensitive
+}
+// {/fact}

kotlin/src/detectors/command-injection/compliant.kt

@@ -0,0 +1,15 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=os-command-injection@v1.0 defects=0}
+// Compliant: Hardcoded value is being passed to `exec`
+fun compliant() {
+    val directory = "hardcoded_value"
+
+    val command = "ls -l " + directory
+    val r: Runtime = Runtime.getRuntime()
+    val process = r.getRuntime().exec(command)  
+}
+// {/fact}

kotlin/src/detectors/command-injection/non-compliant.kt

@@ -0,0 +1,15 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=os-command-injection@v1.0 defects=1}
+// Noncompliant: User input is being passed to `exec`
+fun noncompliant() {
+    print("Enter your input:")
+    val input = readLine()
+
+    val command = "echo Hello, $input"
+    val process = Runtime.getRuntime().exec(String.format("The value is: %s", command))
+}
+// {/fact}

kotlin/src/detectors/cookie-missing-httponly/compliant.kt

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=sensitive-cookie-without-http-only-flag@v1.0 defects=0}
+// Compliant: The `httponly` attribute of cookies is set to `true`
+fun compliant(value: String, response: HttpServletResponse) {
+    val cookie: Cookie = Cookie("cookie", value)
+    cookie.setHttpOnly(true)
+    response.addCookie(cookie)
+}
+// {/fact}

kotlin/src/detectors/cookie-missing-httponly/non-compliant.kt

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=sensitive-cookie-without-http-only-flag@v1.0 defects=1}
+// Noncompliant: The `httponly` attribute of cookies is set to `false`
+fun noncompliant(value: String, response: HttpServletResponse) {
+    val cookie: Cookie = Cookie("cookie", value)
+    cookie.setHttpOnly(false)
+    response.addCookie(cookie)
+}
+// {/fact}

kotlin/src/detectors/cookie-missing-secure-flag/compliant.kt

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=insecure-cookie@v1.0 defects=0}
+// Compliant: The `setSecure` attribute of cookies is set to `true`
+fun compliant(@RequestParam value: String, response: HttpServletResponse) {
+    var cookie: Cookie = Cookie("cookie", value)
+    cookie.setSecure(true)
+    response.addCookie(cookie)
+}
+// {/fact}

kotlin/src/detectors/cookie-missing-secure-flag/non-compliant.kt

@@ -0,0 +1,14 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=insecure-cookie@v1.0 defects=1}
+// Noncompliant:  The `setSecure` attribute of cookies is set to `false`
+fun noncompliant() {
+    var cookie: Cookie = Cookie("cookie", value)
+    cookie.setSecure(false)
+    cookie.setHttpOnly(false)
+    response.addCookie(cookie)
+}
+// {/fact}

kotlin/src/detectors/cross-site-scripting/compliant.kt

@@ -0,0 +1,15 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cross-site-scripting@v1.0 defects=0}
+// Compliant: Not using any unsanitized external inputs
+fun compliant() {
+    print("Enter your name:")
+    val name = readLine()
+
+    val writer = PrintWriter(System.out)
+    writer.write("<p>Hello, name!</p>")
+}
+// {/fact}

kotlin/src/detectors/cross-site-scripting/non-compliant.kt

@@ -0,0 +1,15 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cross-site-scripting@v1.0 defects=1}
+// Noncompliant: Using unsanitized external inputs which leads to XSS
+fun noncompliant() {
+    print("Enter your name:")
+    val name = readLine()
+
+    val writer = PrintWriter(System.out)
+    writer.write("<p>Hello, $name!</p>")
+}
+// {/fact}

kotlin/src/detectors/csrf-protection/compliant.kt

@@ -0,0 +1,20 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cross-site-request-forgery@v1.0 defects=0}
+// Compliant: By default CSRF protection is enabled
+@Configuration
+@EnableWebSecurity
+class WebSecurityConfig : WebSecurityConfigurerAdapter() {
+
+    @Throws(Exception::class)
+    override fun configure(http: HttpSecurity) {
+        http {
+            csrf { }
+            // Other security configurations...
+        }
+    }
+}
+// {/fact}

kotlin/src/detectors/csrf-protection/non-compliant.kt

@@ -0,0 +1,19 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cross-site-request-forgery@v1.0 defects=1}
+// Noncompliant: CSRF protection disabled
+@Configuration
+@EnableWebSecurity
+class WebSecurityConfig : WebSecurityConfigurerAdapter() {
+    @Throws(Exception::class)
+    protected fun configure(http: HttpSecurity) {
+        http {
+            csrf().disable()
+            // Other security configurations...
+        }
+    }
+    }
+// {/fact}

kotlin/src/detectors/defaulthttpclient-deprecated/compliant.kt

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cryptographic-key-generator@v1.0 defects=0}
+// Compliant: `DefaultHttpClient` is not used for setting up HTTP connection.
+fun compliant() {
+    val client: HttpClient = SystemDefaultHttpClient()
+    val request: HttpGet = HttpGet("http://google.com")
+    val response: HttpResponse= client.execute(request)
+}
+// {/fact}

kotlin/src/detectors/defaulthttpclient-deprecated/non-compliant.kt

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=cryptographic-key-generator@v1.0 defects=1}
+// Noncompliant: `DefaultHttpClient` is used for setting up HTTP connection.
+fun noncompliant() {
+    val client: HttpClient = DefaultHttpClient()
+    val request: HttpGet = HttpGet("http://google.com")
+    val response: HttpResponse= client.execute(request)
+}
+// {/fact}

kotlin/src/detectors/gcm-detection/compliant.kt

@@ -0,0 +1,23 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=reusing-nonce-key-in-encryption@v1.0 defects=0}
+// Compliant: GCM Cipher with new initialization vector is used
+fun compliant(clearText: String): String {
+    val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
+
+    val keySpec: SecretKeySpec= SecretKeySpec(theKey.getEncoded(), "AES")
+    val theBadIV: Array<Byte> = BAD_IV.getBytes()
+
+    private val theInnerIV: Array<Byte>
+    val gcmParameterSpec: GCMParameterSpec = GCMParameterSpec(GCM_TAG_LENGTH * 8, theInnerIV)
+    cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec)
+
+    val cipherText: Array<Byte> = cipher.doFinal(clearText.getBytes())
+
+    val encoded = base64.getEncoder().encodeToString(cipherText)
+    return encoded
+}
+// {/fact}