From bb3ce4ccc3258603d4cb111c40b80d0d6971949a Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Thu, 19 Feb 2026 06:03:07 +0000
Subject: [PATCH] Fix: Vulnerability in Preferences.setPassword logic Always hash passwords in Preferences.java, regardless of length. Added PreferencesTest.java to verify the fix and prevent regressions. Added AlertMaker stub to facilitate testing in non-UI environment.
Co-authored-by: G30RG3-GJ <203693057+G30RG3-GJ@users.noreply.github.com>
---
 .../assistant/ui/settings/Preferences.java | 5 +---
 .../ui/settings/PreferencesTest.java | 24 +++++++++++++++++++
 .../library/assistant/alert/AlertMaker.java | 10 ++++++++
 3 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 test/library/assistant/ui/settings/PreferencesTest.java
 create mode 100644 test/stubs/library/assistant/alert/AlertMaker.java
diff --git a/src/library/assistant/ui/settings/Preferences.java b/src/library/assistant/ui/settings/Preferences.java
index 4767633..2a0a32a 100644
--- a/src/library/assistant/ui/settings/Preferences.java
+++ b/src/library/assistant/ui/settings/Preferences.java
@@ -56,10 +56,7 @@ public String getPassword() {
 }

 public void setPassword(String password) {
- if (password.length() < 16) {
- this.password = DigestUtils.shaHex(password);
- }else
- this.password = password;
+ this.password = DigestUtils.shaHex(password);
 }

 public static void initConfig() {
diff --git a/test/library/assistant/ui/settings/PreferencesTest.java b/test/library/assistant/ui/settings/PreferencesTest.java
new file mode 100644
index 0000000..bb71a29
--- /dev/null
+++ b/test/library/assistant/ui/settings/PreferencesTest.java
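Review bot: In `Preferences.setPassword` (Preferences.java) the stored value is still an unsalted, single-pass SHA-1 digest from `DigestUtils.shaHex`, so equal passwords yield equal stored values and a copied settings file can be checked against candidate passwords offline very cheaply. A salted, deliberately slow derivation such as the JDK's `PBKDF2WithHmacSHA256` through `SecretKeyFactory` would be the durable fix, but it changes the stored format and the comparison code, both of which lie outside this hunk. Separately, the removed `else` branch looks like it existed to let an already-hashed value pass through unchanged; no caller is visible here, but any call site that still hands a digest to this setter will now have it hashed a second time and stop matching. I would check the call sites and state the contract on the method, `/** Hashes {@code password} before storing it; callers pass the plaintext, never an existing digest. */`.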
@@ -0,0 +1,24 @@
+package library.assistant.ui.settings;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+import org.apache.commons.codec.digest.DigestUtils;
+
+public class PreferencesTest {
+
+ @Test
+ public void testSetPasswordShort() {
+ Preferences pref = new Preferences();
+ String password = "short";
+ pref.setPassword(password);
+ assertEquals("Short password should be hashed", DigestUtils.shaHex(password), pref.getPassword());
+ }
+
+ @Test
+ public void testSetPasswordLong() {
+ Preferences pref = new Preferences();
+ String password = "verylongpasswordmorethan16chars";
+ pref.setPassword(password);
+ assertEquals("Long password should be hashed", DigestUtils.shaHex(password), pref.getPassword());
+ }
+}
diff --git a/test/stubs/library/assistant/alert/AlertMaker.java b/test/stubs/library/assistant/alert/AlertMaker.java
new file mode 100644
index 0000000..c5eee66
--- /dev/null
+++ b/test/stubs/library/assistant/alert/AlertMaker.java
@@ -0,0 +1,10 @@
+package library.assistant.alert;
+
+public class AlertMaker {
+
+ public static void showSimpleAlert(String title, String content) {
+ }
+
+ public static void showErrorMessage(Exception ex, String title, String content) {
+ }
+}
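Review bot: Neither test in PreferencesTest.java uses a 16-character input, which is exactly where the removed `password.length() < 16` check switched from hashing to storing the value as given, and neither asserts that the stored value differs from the plaintext. The expected values are also produced by the same `DigestUtils.shaHex` call as the code under test, so the tests show that hashing happens but would not notice a change of algorithm. A boundary case like the one below closes the first gap; `assertNotEquals` needs JUnit 4.11 or later, which this patch does not let me confirm.

```java
// … unchanged: testSetPasswordShort, testSetPasswordLong …

    @Test
    public void testSetPasswordAtOldThreshold() {
        Preferences pref = new Preferences();
        // Constructed sample: exactly 16 characters, the cutoff of the removed branch.
        String password = "0123456789abcdef";
        pref.setPassword(password);
        assertNotEquals("Password must not be stored in plaintext", password, pref.getPassword());
        assertEquals("16-character password should be hashed", DigestUtils.shaHex(password), pref.getPassword());
    }
```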
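Review bot: The stub's `showErrorMessage` in test/stubs/library/assistant/alert/AlertMaker.java discards the exception it is given, so any failure the code under test reports through an alert (for example while reading or writing the settings file, if `Preferences` does that) vanishes from the test run. The stub presumably shares its fully qualified name with the application's real `library.assistant.alert.AlertMaker`, so which copy is loaded depends on classpath order that this patch does not show. I would make the stub fail loudly with `throw new AssertionError(title + ": " + content, ex);` unless a test deliberately exercises an error path. I would also add a class comment, `/** Test-only replacement for the UI AlertMaker; must never be on the application classpath. */`.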