Rules Repository: RSPEC-5604

Using intrusive permissions is security-sensitive

    Details

    • Message:
      Make sure the use of [xxx] permission is necessary.
    • Default Severity:
      Major
    • Impact:
      Low
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      TypeScript, XML
    • Covered Languages:
      JavaScript
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources, Test Sources
    • CWE:
      CWE-250
    • OWASP:
      A3
    • SANS Top 25:
      sans-top25-porous

      Description

      Permissions that can have a large impact on user privacy should be requested only if they are really necessary to implement critical features of an application.

      Ask Yourself Whether

      • It is not certain that the intrusive permissions requested by the application are really necessary.
      • The users are not clearly informed why and when intrusive permissions are requested by the application.

      There is a risk if you answered yes to any of those questions.

      Recommended Secure Coding Practices

      It is recommended to carefully review all the permissions and to use intrusive ones only if they are really necessary.
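
One way to support the review recommended above is a small syntactic scan that lists where browser code reaches for privacy-sensitive permissions and reports each hit with this rule's message. This is an added example, not the rule's own implementation: the function names and the API-to-permission mapping are assumptions chosen for illustration, and the sample input is constructed.

```javascript
// Added example: a hypothetical review helper, not SonarSource's implementation.
// Assumption: this API-to-permission mapping is illustrative, not the rule's own list.
const RULES = [
  { re: /\bnavigator\.geolocation\.(?:getCurrentPosition|watchPosition)\s*\(/g,
    perms: () => ['geolocation'] },
  { re: /\bNotification\.requestPermission\s*\(/g,
    perms: () => ['notifications'] },
  // permissions.query() only reads state, but it names the permission the code relies on.
  { re: /\bnavigator\.permissions\.query\s*\(\s*\{[^}]*\bname\s*:\s*['"]([\w-]+)['"]/g,
    perms: m => [m[1]] },
  // getUserMedia: report camera/microphone only for constraints not set to false.
  { re: /\bgetUserMedia\s*\(\s*\{([^)]*)\)/g,
    perms: m => [['video', 'camera'], ['audio', 'microphone']]
      .filter(([key]) => new RegExp(`\\b${key}\\s*:\\s*(?!false\\b)\\S`).test(m[1]))
      .map(([, perm]) => perm) },
];

// Blank out comments but keep newlines so reported line numbers stay correct.
// Limitation: a "//" inside a string literal is treated as a comment start.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\/|\/\/[^\n]*/g, c => c.replace(/[^\n]/g, ' '));
}

function findIntrusivePermissions(src) {
  const code = stripComments(src);
  const issues = [];
  for (const { re, perms } of RULES) {
    for (const m of code.matchAll(re)) {
      const line = code.slice(0, m.index).split('\n').length;
      for (const permission of perms(m)) {
        const message = `Make sure the use of ${permission} permission is necessary.`;
        issues.push({ line, permission, message });
      }
    }
  }
  return issues.sort((a, b) => a.line - b.line);
}

// Constructed sample input (not taken from a real code base).
const SAMPLE = [
  '// navigator.geolocation.getCurrentPosition(cb) was removed',
  "window.addEventListener('load', () => {",
  '  navigator.geolocation.watchPosition(track);',
  '  navigator.mediaDevices.getUserMedia({ video: true, audio: false });',
  '});',
  "navigator.permissions.query({ name: 'persistent-storage' });",
  'button.onclick = () => Notification.requestPermission();',
].join('\n');
for (const i of findIntrusivePermissions(SAMPLE)) console.log(`line ${i.line}: ${i.message}`);
```

Each reported line is a place to ask the two questions from "Ask Yourself Whether"; the requests made inside the `load` handler in the sample are the kind that reach the user with no explanation of why or when.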


              People

              Assignee:
              Unassigned
              Reporter:
              Eric Therond (eric.therond)