
Potential fix for code scanning alert no. 2: Insecure local authentication#87

Merged
mapgie merged 1 commit into main from alert-autofix-4 on Jun 2, 2026

Conversation

@mapgie (Owner) commented Jun 2, 2026

Potential fix for https://github.com/mapgie/GoFlo/security/code-scanning/2

Use a BiometricPrompt.CryptoObject backed by an Android Keystore key, and require successful cipher initialization/authentication before calling onSuccess.

Best fix in this file:

  • Add keystore/cipher helper functions:
    • getOrCreateSecretKey()
    • getCipher()
  • In showBiometricPrompt(...), initialize cipher with the keystore key and call:
    • prompt.authenticate(info, BiometricPrompt.CryptoObject(cipher))
  • In onAuthenticationSucceeded, verify result.cryptoObject?.cipher != null before unlocking.
  • Add required Android/Java crypto imports.

This preserves existing behavior (unlock on valid biometric) while binding it to a hardware/keystore-backed cryptographic operation.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
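The shape of the fix described above, as an added Kotlin example that is not GoFlo's code and not the Copilot Autofix patch itself. It assumes the app uses the AndroidX `BiometricPrompt` API, a `FragmentActivity`, and `onSuccess`/`onFailure` callbacks; the key alias `goflo_unlock_key` and the constant `unlock-check` payload are made up for the example. The helper names `getOrCreateSecretKey()`, `getCipher()` and `showBiometricPrompt(...)` follow the PR description.

```kotlin
// Added example (not GoFlo's code): biometric unlock bound to an Android Keystore key.
// Assumed names: KEY_ALIAS, showBiometricPrompt, onSuccess/onFailure callbacks.
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

private const val KEY_ALIAS = "goflo_unlock_key"   // assumed alias for the example
private const val ANDROID_KEYSTORE = "AndroidKeyStore"

// Returns the existing key or generates one that the keystore will only use after a
// STRONG biometric authentication (per-operation auth; invalidated when enrollment changes).
fun getOrCreateSecretKey(): SecretKey {
    val ks = KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
        .setUserAuthenticationRequired(true)         // key is unusable without user auth
        .setInvalidatedByBiometricEnrollment(true)   // a newly enrolled biometric kills the key
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)
        .apply { init(spec) }
        .generateKey()
}

// Cipher whose transformation matches the key's allowed block mode and padding.
fun getCipher(): Cipher = Cipher.getInstance(
    "${KeyProperties.KEY_ALGORITHM_AES}/${KeyProperties.BLOCK_MODE_CBC}/${KeyProperties.ENCRYPTION_PADDING_PKCS7}"
)

fun showBiometricPrompt(
    activity: FragmentActivity,
    onSuccess: () -> Unit,
    onFailure: (String) -> Unit
) {
    val cipher = getCipher()
    try {
        // Must succeed before the prompt: this is what binds the prompt to the keystore key.
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateSecretKey())
    } catch (e: KeyPermanentlyInvalidatedException) {
        // Biometric enrollment changed since the key was created; the app must re-provision.
        onFailure("Biometric key invalidated; re-enrol to unlock")
        return
    }

    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val authedCipher = result.cryptoObject?.cipher
            if (authedCipher == null) {
                onFailure("Authentication did not return a keystore-backed cipher")
                return
            }
            try {
                // Exercise the key: doFinal throws unless the keystore authorised this
                // operation, so reaching this callback without a real auth cannot unlock.
                authedCipher.doFinal("unlock-check".toByteArray())   // constructed payload
                onSuccess()
            } catch (e: Exception) {
                onFailure("Keystore refused the cipher operation: ${e.javaClass.simpleName}")
            }
        }

        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            onFailure(errString.toString())
        }
    }

    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Unlock")
        .setNegativeButtonText("Cancel")
        .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
        .build()
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(info, BiometricPrompt.CryptoObject(cipher))
}
```

Two points in this example go a little beyond the PR's bullet list. First, the null check on `result.cryptoObject?.cipher` alone only proves that a `CryptoObject` was handed back; the `doFinal` call is what makes the keystore actually enforce the authentication, because the key was created with `setUserAuthenticationRequired(true)`. Second, `setAllowedAuthenticators` is restricted to `BIOMETRIC_STRONG`: the Android keystore will not authorise a key operation for a weak (Class 2) biometric, so leaving the authenticator unrestricted would surface as a confusing failure at `doFinal` rather than at enrollment time.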
@mapgie mapgie marked this pull request as ready for review June 2, 2026 08:27
@mapgie mapgie merged commit f99b2e2 into main Jun 2, 2026
3 of 4 checks passed
@mapgie mapgie deleted the alert-autofix-4 branch June 2, 2026 08:27