Apply suggestions from code review

Co-authored-by: Felicity Chapman <felicitymay@github.com>
This commit is contained in:
Tony Torralba
2022-10-17 14:14:38 +02:00
committed by GitHub
parent a540aaa35b
commit 01a08d44bb

@@ -8,20 +8,19 @@
object. <code>ContentResolver</code>s communicate with an instance of a class that implements the object. <code>ContentResolver</code>s communicate with an instance of a class that implements the
<code>ContentProvider</code> interface via URIs with the <code>content://</code> scheme. <code>ContentProvider</code> interface via URIs with the <code>content://</code> scheme.
The authority part (the first path segment) of the URI passed as parameter to the <code>ContentResolver</code> The authority part (the first path segment) of the URI, passed as parameter to the <code>ContentResolver</code>,
determines which content provider is contacted for the operation. Specific operations that act on files also determines which content provider is contacted for the operation. Specific operations that act on files also
support the <code>file://</code> scheme, in which case the local filesystem is queried instead. support the <code>file://</code> scheme, in which case the local filesystem is queried instead.
If an external component, like a malicious or compromised application, controls the URI that is used in a If an external component, like a malicious or compromised application, controls the URI for a
<code>ContentResolver</code> operation, it can trick the vulnerable application into accessing its own private <code>ContentResolver</code> operation, it can trick the vulnerable application into accessing its own private
files or non-exported content providers. Depending on what the vulnerable application does after accessing the file, files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like
the attacking application might get access to the file by forcing it to be copied to a public directory like the external storage, or tamper with the contents by making the application overwrite the file with unexpected data.
external storage, or tamper with it by making the application overwrite it with unexpected data.
</p> </p>
</overview> </overview>
<recommendation> <recommendation>
<p> <p>
If possible, avoid using externally-provided data to determine URIs used by a <code>ContentResolver</code>. If possible, avoid using externally-provided data to determine the URI for a <code>ContentResolver</code> to use.
If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list
of content providers and/or applications, or alternatively make sure that the URI does not reference private of content providers and/or applications, or alternatively make sure that the URI does not reference private
directories like <code>/data/</code>. directories like <code>/data/</code>.
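Review bot: the parenthetical "(the first path segment)" describing the authority on the third line of the hunk is inaccurate and survives the rewrite unchanged: in a `content://` URI the authority is the host-like component between the scheme and the path, not a path segment, so suggest `The authority part of the URI (the component immediately after content://), passed as parameter to the ContentResolver,`. Separately, the rewritten impact sentence drops the qualifier `Depending on what the vulnerable application does after accessing the file,` and now asserts that the attacker "might be able to get access to the file" without saying what that depends on; consider keeping a shortened form such as `Depending on how the application then handles the file, the attacking application might be able to ...` so readers understand the impact is conditional on the application's subsequent behaviour.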