search

Sbouamri / Approver

Test repository
0 stars 0 forks source link

[ID: EXTERNAL_STORAGE] External Storage Accessing #77

Open Sbouamri opened 5 years ago

Sbouamri commented 5 years ago

Found external storage access API. Please remember not to write security-critical files to external storage. REMEDIATION: Please revise all the external storage access in order to identify eventual leaks of critical information. Vulnerable Code:

api_class Landroid/os/Environment;
api_method getExternalStorageDirectory
method onCreate
string Lorg/csploit/android/gui/DirectoryPicker;->onCreate(Landroid/os/Bundle;)V ---> Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;
api_type ()Ljava/io/File;
id Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;
type (Landroid/os/Bundle;)V
class Lorg/csploit/android/gui/DirectoryPicker;
api_class Landroid/os/Environment;
api_method getExternalStorageDirectory
method init
string Lorg/csploit/android/core/System;->init(Landroid/content/Context;)V ---> Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;
api_type ()Ljava/io/File;
id Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;
type (Landroid/content/Context;)V
class Lorg/csploit/android/core/System;
api_class Landroid/os/Environment;
api_method getExternalStorageDirectory
method errorLogging
string Lorg/csploit/android/core/System;->errorLogging(Ljava/lang/Throwable;)V ---> Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;
api_type ()Ljava/io/File;
id Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;
type (Ljava/lang/Throwable;)V
class Lorg/csploit/android/core/System;