Veracode scan result: Incorrect Permission Assignment for Critical Resource #414

Open
ukienet opened this issue Oct 23, 2014 · 0 comments
ukienet commented Oct 23, 2014

Our company requires us to run Veracode scans for all mobile software, so we ran the Android code generated by Rhodes through it. Veracode reported the flaw in

com/.../rhodes/RhodesService.java 1107

Description
The software specifies permissions in a way that causes the resource to be accessible to an unintended sphere of control. A common manifestation of this is setting overly lax file permissions.

https://github.com/rhomobile/rhodes/blob/master/platform/android/Rhodes/src/com/rhomobile/rhodes/RhodesService.java#L1107

And here is the suggestion for the fix.

http://stackoverflow.com/questions/24479461/android%C2%B4s-mode-world-readable

Thank you

@lexis-t lexis-t self-assigned this Oct 26, 2014
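
An added example, not part of the original issue or the Rhodes code base: a small Python check that flags this class of finding in Java source. It assumes the flagged line uses a world-accessible mode such as `MODE_WORLD_READABLE` (the topic of the linked Stack Overflow question); the Java sample, rule names and function names are constructed for illustration.

```python
import re

# Constructed Java sample (not the Rhodes source): two risky calls, one safe
# call, and mentions inside a comment and a string that must not be reported.
SAMPLE_JAVA = '''\
package example;
class Updater {
    void save(android.content.Context ctx, java.io.File f) throws Exception {
        // old code used MODE_WORLD_READABLE here
        ctx.openFileOutput("a.apk", Context.MODE_WORLD_READABLE);
        ctx.openFileOutput("b.dat", Context.MODE_PRIVATE);
        f.setReadable(true, false); /* ownerOnly=false */
        String s = "MODE_WORLD_WRITEABLE";
    }
}
'''

# Permission settings that expose a file outside the owning app/user.
RULES = [
    ("world-accessible open mode",
     re.compile(r"\bMODE_WORLD_(READABLE|WRITEABLE)\b")),
    ("File.set*(true, ownerOnly=false)",
     re.compile(r"\.set(Readable|Writable|Executable)\(\s*true\s*,\s*false\s*\)")),
]

# Comments and string/char literals, blanked out before matching.
_NOISE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_lax_permissions(java_source):
    """Return sorted (line_number, rule_name, matched_text) findings."""
    code = _NOISE.sub(_blank, java_source)
    findings = []
    for name, pattern in RULES:
        for m in pattern.finditer(code):
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, name, m.group(0)))
    return sorted(findings)

if __name__ == "__main__":
    for line, name, text in find_lax_permissions(SAMPLE_JAVA):
        print(f"line {line}: {name}: {text}")
```

Each finding is a candidate for `Context.MODE_PRIVATE` plus an explicit sharing mechanism; the check is textual, so findings need manual confirmation.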