bartek/esa-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

10: Create PermissionsRaceConditionPlugin

Browse Source
This commit is contained in:
Bartłomiej Pluta
2019-04-05 14:47:04 +02:00
parent f4ed3e259d
commit 5f7dc6c2c9
3 changed files with 58 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/com/bartek/esa/core/di/PluginModule.java
View File

@@ -4,6 +4,7 @@ import com.bartek.esa.core.archetype.Plugin;
import com.bartek.esa.core.plugin.AllowBackupPlugin;
import com.bartek.esa.core.plugin.DebuggablePlugin;
import com.bartek.esa.core.plugin.LoggingPlugin;
import com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
import dagger.Module;
@@ -40,4 +41,10 @@ public class PluginModule {
public Plugin allowBackupPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new AllowBackupPlugin(globMatcher, xmlHelper);
}
@Provides
@IntoSet
public Plugin permissionRaceConditionPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
return new PermissionsRaceConditionPlugin(globMatcher, xmlHelper);
}
}

35
src/main/java/com/bartek/esa/core/plugin/PermissionsRaceConditionPlugin.java Normal file
View File

@@ -0,0 +1,35 @@
package com.bartek.esa.core.plugin;
import com.bartek.esa.core.archetype.AndroidManifestPlugin;
import com.bartek.esa.core.model.enumeration.Severity;
import com.bartek.esa.core.xml.XmlHelper;
import com.bartek.esa.file.matcher.GlobMatcher;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import javax.inject.Inject;
import javax.xml.xpath.XPathConstants;
import static java.lang.Integer.parseInt;
public class PermissionsRaceConditionPlugin extends AndroidManifestPlugin {
@Inject
public PermissionsRaceConditionPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
super(globMatcher, xmlHelper);
}
@Override
protected void run(Document xml) {
boolean isAnyPermissionDefined = ((NodeList) xPath(xml, "/manifest/permission", XPathConstants.NODESET)).getLength() > 0;
if(isAnyPermissionDefined) {
Node usesSdkNode = (Node) xPath(xml, "/manifest/uses-sdk", XPathConstants.NODE);
Node minSdkVersionNode = usesSdkNode.getAttributes().getNamedItem("android:minSdkVersion");
int minSdkVersion = parseInt(minSdkVersionNode.getNodeValue());
if(minSdkVersion < 21) {
addIssue(Severity.VULNERABILITY, null, minSdkVersionNode.toString());
}
}
}
}

5
src/main/resources/description.properties
View File

@@ -41,3 +41,8 @@ com.bartek.esa.core.plugin.AllowBackupPlugin.NO_FALSE=The android:allowBackup is
The android:allowBackup option in AndroidManifest.xml is set to 'true'. \n\
This will allow accessing the backups via adb if device has USB debugging enabled.\n\
Consider setting it to 'false'.
com.bartek.esa.core.plugin.PermissionsRaceConditionPlugin=Potential permissions race condition vulnerability. \n\
There are declared custom permissions in AndroidManifest.xml and the minimal API version is set to less than 21.\n\
It means that declared permissions can be obtained by malicious application installed before and without need of having 1proper signature.\n\
Consider setting minimal API version to 21 at least.