Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications #6975
This PR adds a query to detect Intent URI Permission Manipulation in Android applications. The query detects when an exported Activity is obtaining a user-provided Intent and redirecting it back to the calling application. Also, it requires that a non-exported Content Provider with the attribute android:grantUriPermissions="true" exists in the project.

Description

When an externally provided Intent is returned to an Activity with setResult, a malicious application could exploit this by manipulating the Intent to grant itself permissions to access arbitrary Content Providers that are accessible by the vulnerable application.

Evaluation

The query finds 3 TP when run on a set of 1k Android open source projects.
By adding the source defined in #6963, this goes up to 4 TP results (the extra result occurs in an intentionally vulnerable application).
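
The pattern described in this PR, next to a hardened form, as an added example that is not code from the pull request or from the query's test suite. The class names and the "value" extra are hypothetical, and both Activities are assumed to be declared with android:exported="true" in the manifest.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;

// Illustration only: all class names and the "value" extra are hypothetical.
public final class SetResultExamples {

    // Pattern the query targets: an exported Activity hands the caller's
    // own Intent back through setResult().
    public static class VulnerableActivity extends Activity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            Intent incoming = getIntent();   // fully controlled by the calling app
            // The data URI and any FLAG_GRANT_*_URI_PERMISSION flags set by
            // the caller are returned unchanged, so the grant is issued with
            // this app's identity.
            setResult(RESULT_OK, incoming);
            finish();
        }
    }

    // Hardened form: never return the received Intent. Build a new one and
    // copy over only the values the caller is meant to get back.
    public static class HardenedActivity extends Activity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            Intent incoming = getIntent();

            // A fresh Intent has no data URI, no ClipData and no grant flags.
            Intent result = new Intent();
            String value = incoming.getStringExtra("value");
            if (value != null) {
                result.putExtra("value", value);
            }
            setResult(RESULT_OK, result);
            finish();
        }
    }

    private SetResultExamples() { }
}
```

Setting android:grantUriPermissions="false" on Content Providers that never need to share URIs removes the second precondition the query checks for.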