bartek/esa-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

10: Create PermissionsRaceConditionPlugin

Browse Source
This commit is contained in:
Bartłomiej Pluta
2019-04-05 14:47:04 +02:00
parent f4ed3e259d
commit 5f7dc6c2c9
3 changed files with 58 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/main/resources/description.properties
View File

@@ -26,18 +26,23 @@ com.bartek.esa.core.plugin.DebuggablePlugin.NO_ATTR=There is no android:debuggab
For example: <application android:debuggable="false">
com.bartek.esa.core.plugin.DebuggablePlugin.NO_FALSE=The android:debuggable is set to 'true'. Potential data leakage. \n\
The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
This will cause application to be debuggable and can result in \
security issues and data leakage on the production environment. \n\
Consider setting it to 'false'.
The android:debuggable option in AndroidManifest.xml is set to 'true'. \n\
This will cause application to be debuggable and can result in \
security issues and data leakage on the production environment. \n\
Consider setting it to 'false'.
com.bartek.esa.core.plugin.AllowBackupPlugin.NO_ATTR=There is no android:allowBackup option. Potential data leakage. \n\
The android:allowBackup option was not found in the AndroidManifest.xml file. \n\
To avoid any potential data theft in the future, please explicitly set this flag to false. \n\
The attribute should be placed in <application> tag.\n\
For example: <application android:allowBackup="false">
The android:allowBackup option was not found in the AndroidManifest.xml file. \n\
To avoid any potential data theft in the future, please explicitly set this flag to false. \n\
The attribute should be placed in <application> tag.\n\
For example: <application android:allowBackup="false">
com.bartek.esa.core.plugin.AllowBackupPlugin.NO_FALSE=The android:allowBackup is set to 'true'. Potential data leakage. \n\
The android:allowBackup option in AndroidManifest.xml is set to 'true'. \n\
This will allow accessing the backups via adb if device has USB debugging enabled.\n\
Consider setting it to 'false'.
The android:allowBackup option in AndroidManifest.xml is set to 'true'. \n\
This will allow accessing the backups via adb if device has USB debugging enabled.\n\
Consider setting it to 'false'.
com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin=Potential permissions race condition vulnerability. \n\
There are declared custom permissions in AndroidManifest.xml and the minimal API version is set to less than 21.\n\
It means that declared permissions can be obtained by malicious application installed before and without need of having 1proper signature.\n\
Consider setting minimal API version to 21 at least.