CWE-925 广播接收机对意图的不当验证

Improper Verification of Intent by Broadcast Receiver

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

扩展描述

Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.

相关缺陷

• cwe_Nature: ChildOf cwe_CWE_ID: 923 cwe_View_ID: 1000 cwe_Ordinal: Primary

• cwe_Nature: ChildOf cwe_CWE_ID: 923 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

Paradigm: {'cwe_Name': 'Mobile', 'cwe_Prevalence': 'Undetermined'}

常见的影响

可能的缓解方案

Architecture and Design

策略:

Before acting on the Intent, check the Intent Action to make sure it matches the expected System action.

示例代码

例

The following example demonstrates the weakness.

bad XML

The ShutdownReceiver class will handle the intent:

bad Java

Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:

attack Java

An attacker can use this behavior to cause a denial of service.

Notes

相关攻击模式

• CAPEC-499

引用

• REF-922 Analyzing Inter-Application Communication in Android