10: Create SharedUidPlugin
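--- a/PluginModule.java
+++ b/PluginModule.java
@@ -57,4 +57,10 @@ public class PluginModule {
 public Plugin implicitIntentsPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper, JavaSyntaxRegexProvider javaSyntaxRegexProvider) {
 return new ImplicitIntentsPlugin(globMatcher, xmlHelper, javaSyntaxRegexProvider);
 }
+
+@Provides
+@IntoSet
+public Plugin sharedUidPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+return new SharedUidPlugin(globMatcher, xmlHelper);
+}
 }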
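--- /dev/null
+++ b/SharedUidPlugin.java
@@ -0,0 +1,28 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.AndroidManifestPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+import javax.inject.Inject;
+import javax.xml.xpath.XPathConstants;
+import java.util.Optional;
+
+public class SharedUidPlugin extends AndroidManifestPlugin {
+
+@Inject
+public SharedUidPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+super(globMatcher, xmlHelper);
+}
+
+@Override
+protected void run(Document xml) {
+Node manifestNode = (Node) xPath(xml, "/manifest", XPathConstants.NODE);
+Optional.ofNullable(manifestNode.getAttributes().getNamedItem("android:sharedUserId")).ifPresent(node -> {
+addIssue(Severity.VULNERABILITY, null, node.toString());
+});
+}
+}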
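Review bot: `run` dereferences `manifestNode` without a null check; an XPath evaluation with `XPathConstants.NODE` yields null when `/manifest` is absent (a malformed or non-manifest XML handed to the plugin), so `manifestNode.getAttributes()` on the following line would throw a NullPointerException and abort the scan instead of simply reporting nothing. A guard such as `if (manifestNode == null) { return; }` before the `Optional.ofNullable(...)` line keeps the plugin from failing on such input. The finding is also reported with `node.toString()`, whose output for an `org.w3c.dom.Attr` is implementation-dependent; `node.getNodeValue()` reports the actual sharedUserId value, which is what the reader of the issue needs. Whether `getNamedItem("android:sharedUserId")` matches presumably depends on the document keeping the `android` prefix literally — if `XmlHelper` builds a namespace-aware document, `getNamedItemNS` with the Android namespace URI would be the more robust lookup, but that cannot be confirmed from this hunk.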
@@ -58,4 +58,9 @@ com.bartek.esa.core.plugin.ImplicitIntentsPlugin.IMPLICIT_INTENT=Creating implic
com.bartek.esa.core.plugin.ImplicitIntentsPlugin.PENDING_INTENT=Creating pending intent from implicit intent. Potential permission escalation vulnerability\n\
com.bartek.esa.core.plugin.ImplicitIntentsPlugin.PENDING_INTENT=Creating pending intent from implicit intent. Potential permission escalation vulnerability\n\
As far as pending intents contains UID of issuing application and its permissions, they should be fed only\n\
As far as pending intents contains UID of issuing application and its permissions, they should be fed only\n\
with explicit intents to avoid permission escalation vulnerability.
with explicit intents to avoid permission escalation vulnerability.
com.bartek.esa.core.plugin.SharedUidPlugin=Making use of shared UserID.\n\
Shared UserID violates a sandbox nature of Android system. All applications working with the same UID work also \n\
within the same process and share granted permissions, resources and so on.\n\
Remember, that if you really want to use this feature, after publishing your app, you won't be able to change it anymore.