[Bug report] Security issue in Photo Manager #1132

Closed
dodatw opened this issue May 22, 2024 · 1 comment

dodatw commented May 22, 2024

Version

2.8.1

Platforms

Android

Device Model

All

flutter info

[✓] Flutter (Channel stable, 3.13.9, on macOS 14.4.1 23E224 darwin-arm64, locale
    zh-Hant-TW)
    • Flutter version 3.13.9 on channel stable at
      /Users/rdapp/fvm/versions/3.13.9
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision d211f42860 (7 個月前), 2023-10-25 13:42:25 -0700
    • Engine revision 0545f8705d
    • Dart version 3.1.5
    • DevTools version 2.25.0
    • Pub download mirror http://app-pub-pc01.pft.com:8080

[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.2)
    • Android SDK at /Users/rdapp/Library/Android/sdk
    • Platform android-34, build-tools 33.0.2
    • Java binary at: /Applications/Android
      Studio.app/Contents/jbr/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build
      17.0.10+0-17.0.10b1087.21-11572160)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 15.3)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Build 15E204a
    • CocoaPods version 1.15.2

[✓] Android Studio (version 2023.3)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build
      17.0.10+0-17.0.10b1087.21-11572160)

How to reproduce?

Hi,

I am facing a security check alert in photo_manager on Android.

Here are the details:

Overwriting arbitrary files via attacker-controlled output file paths

Vulnerability Description
An attacker can write arbitrary content to an arbitrary file because the attacker controls both the content to be written and the file path. In most cases, this could lead to the manipulation of various settings, user sessions, and history. In cases where an application uses dynamic code loading, an attacker can achieve arbitrary code execution by overwriting native libraries or scripts.

https://cwe.mitre.org/data/definitions/23.html
https://cwe.mitre.org/data/definitions/73.html
https://cwe.mitre.org/data/definitions/285.html

Here is the code in photo manager:

    private fun getCacheFile(context: Context, assetEntity: AssetEntity, isOrigin: Boolean): File {
        val originString = if (isOrigin) "_o" else ""
        val name = "$filenamePrefix${assetEntity.id}${originString}_${assetEntity.displayName}"
        return File(context.cacheDir, name)
    }

They say photo manager uses assetEntity.displayName for the file name, and it may be a risk.
Can we use another string? E.g., generate a GUID?

I hope we can pass this check; otherwise, we need to find another solution.

Thanks.

Logs

No response

Example code (optional)

No response

Contact

No response

Member

AlexV525 commented Jun 7, 2024

Why does it seem to be an issue? All files are under the sandbox of your app.

AlexV525 closed this as not planned (won't fix, can't repro, duplicate, stale) on Jun 22, 2024
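
For reference, one way to build a cache file name from an untrusted display name so that the result cannot leave the cache directory. This is an added example, not code from photo_manager or from either participant; `safeCacheFile`, its parameters, the `pm_` prefix and the sample names are hypothetical, and it takes a plain `File` for the cache directory instead of an Android `Context` so it runs on any JVM.

```kotlin
import java.io.File
import java.io.IOException

// Hypothetical helper (not photo_manager's API): maps an untrusted display
// name to a file that is guaranteed to sit directly inside cacheDir.
fun safeCacheFile(
    cacheDir: File,
    prefix: String,
    assetId: String,
    isOrigin: Boolean,
    displayName: String,
): File {
    val origin = if (isOrigin) "_o" else ""
    // Keep only the last path segment, whichever separator was used.
    val leaf = displayName.substringAfterLast('/').substringAfterLast('\\')
    // Allow-list the characters, drop leading dots ("..", hidden files),
    // and bound the length so the full name stays within filesystem limits.
    val cleaned = leaf.replace(Regex("[^A-Za-z0-9._-]"), "_")
        .trimStart('.')
        .take(100)
    val safeName = cleaned.ifEmpty { "unnamed" }
    val safeId = assetId.replace(Regex("[^A-Za-z0-9_-]"), "_")
    val candidate = File(cacheDir, "$prefix$safeId${origin}_$safeName")

    // Defence in depth: resolve symlinks and ".." and require that the
    // result is a direct child of the cache directory.
    val base = cacheDir.canonicalFile
    val resolved = candidate.canonicalFile
    if (resolved.parentFile != base) {
        throw IOException("Refusing path outside cache dir: $resolved")
    }
    return resolved
}

fun main() {
    val cacheDir = File(System.getProperty("java.io.tmpdir"), "pm_cache_demo")
        .apply { mkdirs() }
    // Constructed sample display names, including hostile ones.
    val samples = listOf(
        "IMG_0001.jpg",
        "../../shared_prefs/settings.xml",
        "..",
        "a/b\\c.png",
        "",
    )
    for (name in samples) {
        val file = safeCacheFile(cacheDir, "pm_", "42", true, name)
        println("${name.ifEmpty { "<empty>" }} -> ${file.name}")
    }
}
```

Every sample resolves to a name of the form `pm_42_o_<leaf>` inside the demo directory; the traversal input becomes `pm_42_o_settings.xml`, and both `..` and the empty name become `pm_42_o_unnamed`.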