rrousselGit / flutter_hooks

React hooks for Flutter. Hooks are a new kind of object that manages the life-cycle of a Widget. They are used to increase code sharing between widgets and as a complete replacement for StatefulWidget.
MIT License

Security issue in Photo Manager #428

Closed dodatw closed 4 months ago

dodatw commented 4 months ago

Hi,

I am facing a security check alert in photo_manager on Android.

Here are the details:

Overwriting arbitrary files via attacker-controlled output file paths

Vulnerability Description: An attacker can write arbitrary content to an arbitrary file because the attacker controls both the content to be written and the file path. In most cases, this could lead to the manipulation of various settings, user sessions, and history. In cases where an application uses dynamic code loading, an attacker can achieve arbitrary code execution by overwriting native libraries or scripts.

https://cwe.mitre.org/data/definitions/23.html
https://cwe.mitre.org/data/definitions/73.html
https://cwe.mitre.org/data/definitions/285.html

Here is the code in photo manager:

    private fun getCacheFile(context: Context, assetEntity: AssetEntity, isOrigin: Boolean): File {
        val originString = if (isOrigin) "_o" else ""
        val name = "$filenamePrefix${assetEntity.id}${originString}_${assetEntity.displayName}"
        return File(context.cacheDir, name)
    }

They say photo manager uses assetEntity.displayName for the file name, and it may be a risk. Can we use another string, e.g. generate a GUID?

I hope we can pass this check; otherwise, we need to find another solution.

Thanks.
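One way to address the flagged pattern, shown as an added example that is not part of the original post or of photo_manager's code: reduce the untrusted display name to a single safe path component, then confirm the canonical result still sits directly inside the cache directory. Assumptions: `FILENAME_PREFIX` stands in for the `filenamePrefix` referenced above, `safeComponent` is a hypothetical helper, and the function takes a plain `File` and strings instead of `Context` and `AssetEntity` so it runs on any JVM.

```kotlin
import java.io.File
import java.io.IOException

// Hypothetical stand-in for the filenamePrefix referenced in the snippet above.
private const val FILENAME_PREFIX = "pm_"

/** Reduces an untrusted name to a single safe path component (hypothetical helper). */
fun safeComponent(untrusted: String): String {
    // Keep only the last path segment, treating both separators as boundaries.
    val leaf = untrusted.substringAfterLast('/').substringAfterLast('\\')
    // Allow a conservative character set; everything else becomes '_'.
    val cleaned = leaf.replace(Regex("[^A-Za-z0-9._-]"), "_").take(100)
    // Replace names that are empty or consist only of dots (".", "..").
    return if (cleaned.isEmpty() || cleaned.all { it == '.' }) "unnamed" else cleaned
}

/** Builds the cache file and verifies that it resolves directly inside cacheDir. */
fun getCacheFile(cacheDir: File, assetId: String, displayName: String, isOrigin: Boolean): File {
    val originString = if (isOrigin) "_o" else ""
    val name = "$FILENAME_PREFIX${safeComponent(assetId)}${originString}_${safeComponent(displayName)}"
    val root = cacheDir.canonicalFile
    val candidate = File(root, name).canonicalFile
    // Defense in depth: the canonical parent must be the cache directory itself,
    // which also rejects an existing symlink that points elsewhere.
    if (candidate.parentFile != root) {
        throw IOException("Refusing cache path outside ${root.path}")
    }
    return candidate
}

fun main() {
    val cacheDir = File(System.getProperty("java.io.tmpdir"), "pm_cache_demo").apply { mkdirs() }
    // Constructed sample display names, including separator and dot-only cases.
    val samples = listOf(
        "IMG_0001.jpg",
        "../../shared_prefs/settings.xml",
        "..\\..\\lib\\libapp.so",
        "..",
        ""
    )
    for (s in samples) {
        val f = getCacheFile(cacheDir, "42", s, isOrigin = true)
        println("${s.padEnd(36)} -> ${f.name}")
    }
}
```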

rrousselGit commented 4 months ago

This is unrelated to flutter_hooks