rspec/rules/S6384/java/rule.adoc
github-actions[bot] 19cafdcdbc
Create rule S6384[Java]: Components should not be vulnerable to intent redirection (#597)
* Create rule S6384

* init rule s6384

Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com>
Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com>
Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
2022-01-12 08:09:15 +01:00

include::../description.adoc[]

== Noncompliant Code Example

An activity is exported (in this case through an intent-filter), which allows other mobile applications to launch it:

----
<activity android:name=".Noncompliant">
  <intent-filter>
    <action android:name="noncompliantaction" />
  </intent-filter>
</activity>
----

This activity then retrieves the embedded, untrusted intent and uses it to start an arbitrary component:

----
import android.content.Intent;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;

public class Noncompliant extends AppCompatActivity {
  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    // The intent used to start this exported component is retrieved
    Intent intent = getIntent();
    // Extract the embedded Intent supplied by the caller
    Intent forward = (Intent) intent.getParcelableExtra("anotherintent");
    // Redirect the embedded Intent
    startActivity(forward); // Noncompliant
  }
}
----

== Compliant Solution

If this component does not need to be visible to other apps, do not export it:

----
<activity android:name=".Noncompliant" android:exported="false">
  <intent-filter>
    <action android:name="noncompliantaction" />
  </intent-filter>
</activity>
----

It is also possible to validate the embedded intent to make sure it targets the expected component:

----
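import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;

public class Noncompliant extends AppCompatActivity {
  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    // The intent used to start this exported component is retrieved
    Intent intent = getIntent();
    // Extract the embedded Intent
    Intent forward = (Intent) intent.getParcelableExtra("anotherintent");
    if (forward == null) {
      return; // no embedded Intent was supplied
    }
    // Resolve the component the embedded Intent would start
    ComponentName name = forward.resolveActivity(getPackageManager());
    // resolveActivity() returns null when nothing handles the Intent
    if (name != null &&
        name.getPackageName().equals("package") &&
        name.getClassName().equals("nonsensitiveclass")) {
      // Redirect the embedded Intent only to the expected component
      startActivity(forward);
    }
  }
}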
----
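
As an added example (not part of the rule's own code), the following Python script audits a manifest for components that other apps can start, including those exported only because they declare an intent-filter, as in the first manifest snippet above. The sample manifest is constructed around the page's snippets; the `.Compliant`, `.Internal` and `.Sync` components and the `com.example.app` package are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest: the page's two <activity> snippets plus
# hypothetical components, wrapped in a minimal <manifest> element.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".Noncompliant">
      <intent-filter>
        <action android:name="noncompliantaction" />
      </intent-filter>
    </activity>
    <activity android:name=".Compliant" android:exported="false">
      <intent-filter>
        <action android:name="noncompliantaction" />
      </intent-filter>
    </activity>
    <activity android:name=".Internal" />
    <service android:name=".Sync" android:exported="true" />
  </application>
</manifest>
"""


def exported_components(manifest_xml):
    """Return (tag, name, reason) for every component other apps can start."""
    findings = []
    root = ET.fromstring(manifest_xml)
    for app in root.iter("application"):
        for elem in app:
            if elem.tag not in COMPONENT_TAGS:
                continue
            name = elem.get(f"{{{ANDROID_NS}}}name", "<unnamed>")
            exported = elem.get(f"{{{ANDROID_NS}}}exported")
            if exported == "true":
                findings.append((elem.tag, name, "explicit"))
            elif exported is None and elem.find("intent-filter") is not None:
                # No attribute + intent-filter: exported by default (pre-Android 12 targets)
                findings.append((elem.tag, name, "implicit via intent-filter"))
    return findings


if __name__ == "__main__":
    for tag, name, reason in exported_components(SAMPLE_MANIFEST):
        print(f"{tag} {name}: exported ({reason})")
```

Each reported component is a candidate for either `android:exported="false"` or the intent validation shown in the compliant solution.
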
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
endif::env-github,rspecator-view[]