[AC-6640] Is it possible that a Titanium Android app uses Java reflection to create an unexpected flow path through the application?
GitHub Issue | n/a |
---|---|
Type | Bug |
Priority | n/a |
Status | Open |
Resolution | Unresolved |
Affected Version/s | n/a |
Fix Version/s | n/a |
Components | n/a |
Labels | android |
Reporter | shishir.roy |
Assignee | Abir Mukherjee |
Created | 2020-12-04T10:31:02.000+0000 |
Updated | 2020-12-07T13:34:03.000+0000 |
Description
We have run a security check tool (ZIMPERIUM) on our Android app, which is built on the Titanium SDK.
Check the below output:
This app uses Java code reflection. Reflection enables a Java program to analyze and modify itself. An attacker can create unexpected control flow paths through the application, potentially by-passing security checks. The exploitation of this weakness can result in a limited form of code injection.
Details:
org.appcelerator.titanium.util.TiUIHelper
ti.modules.titanium.ui.widget.webview.TiUIWebView
org.jaxen.dom.NamespaceNode
org.appcelerator.titanium.view.TiUIView
org.appcelerator.titanium.proxy.TiViewProxy
Is there any concern about this?
This is only a problem if you allow users to input JavaScript and eval this code to generate more UI. If you sanitize your inputs you will not have any problems. Letting users input code also means reading JavaScript from webviews and running that blindly in Titanium itself (not in the webview). WebViews have an EvalJS option, but you are in full control of what goes through this, and this is from Titanium to WebView.
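The reply above says the risk only arises when input from a user or a WebView is evaluated as code. As an added example (not part of the original thread and not Titanium's own code), this sketch treats a WebView payload strictly as data: it is parsed as JSON and checked against an allowlist, and nothing is passed to `eval`. The action names, limits and sample messages are assumptions made for illustration.

```javascript
// Hypothetical allowlist: action name -> validator for its arguments.
const ALLOWED_ACTIONS = Object.freeze({
  setTitle: (a) => typeof a.text === 'string' && a.text.length <= 80,
  openTab: (a) => Number.isInteger(a.index) && a.index >= 0 && a.index < 5,
});

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Would be called from whatever listener receives the WebView's payload
// (wiring not shown); `raw` is the untrusted string it delivered.
function parseWebViewMessage(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) {
    return { ok: false, reason: 'bad-envelope' };
  }
  let msg;
  try {
    msg = JSON.parse(raw); // JSON.parse builds data; it never executes code
  } catch (e) {
    return { ok: false, reason: 'not-json' };
  }
  if (!isPlainObject(msg)) return { ok: false, reason: 'not-object' };
  const { action, args } = msg;
  // Own-property check rejects inherited names such as "constructor".
  if (typeof action !== 'string' ||
      !Object.prototype.hasOwnProperty.call(ALLOWED_ACTIONS, action)) {
    return { ok: false, reason: 'unknown-action' };
  }
  if (!isPlainObject(args) || !ALLOWED_ACTIONS[action](args)) {
    return { ok: false, reason: 'bad-args' };
  }
  return { ok: true, action, args };
}

// Constructed sample payloads, as a page inside a WebView might send them.
const SAMPLES = [
  '{"action":"setTitle","args":{"text":"Inbox"}}',
  '{"action":"constructor","args":{}}',
  'Ti.UI.createWindow().open()', // source text, not JSON: rejected, never run
  '{"action":"openTab","args":{"index":"2; alert(1)"}}',
];

function runSamples() {
  return SAMPLES.map((s) => parseWebViewMessage(s))
    .map((r) => (r.ok ? r.action : r.reason));
}

console.log(runSamples());
```

Only the first sample reaches a handler; the other three are rejected before any application code acts on them.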