Field and variable annotations
You can apply these annotations to fields and (in most cases) variables.
Password and private annotations
Use password and private annotations to indicate whether the target field or variable is a password or private data.
    @FortifyPassword String x;
    @FortifyNotPassword String pass;
    @FortifyPrivate String y;
    @FortifyNotPrivate String cc;
In the previous example, the string x is identified as a password and checked for privacy violations and hardcoded passwords. The string pass is not identified as a password; without the annotation, it might cause false positives. The FortifyPrivate and FortifyNotPrivate annotations work similarly, except that they do not cause privacy violation issues.
Non-negative and non-zero annotations
Use these annotations to indicate disallowed values for the target field or variable.
    @FortifyNonNegative int index;
    @FortifyNonZero double divisor;
In the previous example, an issue is reported if a negative value is assigned to index or zero is assigned to divisor.