RSPEC-5594

Restrict access to exported components with appropriate permissions


    Details

    • Message:
      Implement permissions on this exported component.
    • Default Severity:
      Major
    • Impact:
      Low
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      10min
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CERT:
      SEC50-J.
    • CWE:
      CWE-926
    • SANS Top 25:
      Porous Defenses

      Description

      If an Android component is exported and no permissions are defined, other mobile apps can interact with it and perform potentially unauthorized actions.

      For instance, an exported content provider with no permissions defined can expose sensitive data to other mobile apps.

      It's highly recommended to implement restrictive permissions on exposed components.
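
The check described above, sketched as an added example (this is not Sonar's rule implementation). The manifest and its component names are constructed for illustration, and only components that explicitly set android:exported="true" are considered.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (hypothetical app, not taken from the rule page).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <permission android:name="com.example.notes.READ" android:protectionLevel="signature"/>
  <application>
    <provider android:name=".OpenProvider" android:authorities="com.example.notes.open"
              android:exported="true"/>
    <provider android:name=".HalfProvider" android:authorities="com.example.notes.half"
              android:exported="true" android:readPermission="com.example.notes.READ"/>
    <provider android:name=".GuardedProvider" android:authorities="com.example.notes.ok"
              android:exported="true" android:permission="com.example.notes.READ"/>
    <service android:name=".SyncService" android:exported="true"/>
    <activity android:name=".Internal" android:exported="false"/>
  </application>
</manifest>"""


def unprotected_exported(manifest_xml):
    """Return sorted (tag, name, reason) tuples for exported components lacking a permission."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.iter("application"):
        # A permission on <application> is the default for every component inside it.
        app_perm = app.get(ANDROID + "permission")
        for comp in app:
            if comp.tag not in COMPONENTS or comp.get(ANDROID + "exported") != "true":
                continue
            perm = comp.get(ANDROID + "permission") or app_perm
            name = comp.get(ANDROID + "name")
            if comp.tag == "provider":
                # Providers can guard reads and writes separately; both must be covered.
                read = comp.get(ANDROID + "readPermission") or perm
                write = comp.get(ANDROID + "writePermission") or perm
                missing = [k for k, v in (("read", read), ("write", write)) if not v]
                if missing:
                    findings.append((comp.tag, name, "no " + "/".join(missing) + " permission"))
            elif not perm:
                findings.append((comp.tag, name, "no permission"))
    return sorted(findings)


if __name__ == "__main__":
    for tag, name, reason in unprotected_exported(SAMPLE_MANIFEST):
        print(f"{tag} {name}: {reason}")
```
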

      See

          Issue Links

          1. Xml RSPEC-5597 Language-Specification Active Unassigned

              People

              Assignee:
              Unassigned
              Reporter:
              eric.therond Eric Therond
