Details
- Bug
- Status: Closed
- Critical
- Resolution: Won't Fix
- Android Hybrid App
Description
While doing a security scan of our code using the Veracode tool, the following high-priority defect has been found:

Associated Flaws by CWE ID: Exposed Dangerous Method or Function (CWE ID 749) (1 flaw)
Description: The application provides an API or similar interface to a dangerous method or function that is not properly restricted. Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
Recommendations: Restrict the exposed API, or avoid using the classes that exhibit this behavior.
Instances found via Static Scan:
Flaw Id: 53
Module #: 9
Class #: -
Module: abc(name_changed).apk
Location: .../SystemWebViewEngine.java 259
Fix By: 16/08/16

The flaw has been caught in SystemWebViewEngine.java. It is an internal Cordova Lib class at the following path: android/CordovaLib/src/org/apache/cordova/engine/SystemWebViewEngine.java
The code at line 259 is: webView.addJavascriptInterface(exposedJsApi, "_cordovaNative");
Since it is an integral part of the Cordova lib, I couldn't understand how to mitigate this flaw. Can you help us understand what should be done in order to mitigate this?
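The scanner flags the addJavascriptInterface call itself, so the mitigation question is really about how the exposed object is restricted. As an added illustration (not Cordova's own code and not part of the report), the following hypothetical bridge class shows the three controls that bound what page JavaScript can reach: only @JavascriptInterface methods are callable on API 17+, the bridge is withheld on older API levels where every public method would be reachable by reflection, and each call must present a per-session secret that only the app's bundled script is given. HardenedBridge, exec, dispatch and attach are names assumed for this example.

```java
import android.os.Build;
import android.util.Log;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;

import java.security.SecureRandom;

/** Added example (hypothetical class, not Cordova's ExposedJsApi): a bridge object
 *  that limits what page JavaScript can reach through addJavascriptInterface. */
public final class HardenedBridge {
    private static final String TAG = "HardenedBridge";
    // Per-instance secret generated natively and handed only to the app's bundled
    // script, so script injected from another origin cannot guess it.
    private final int bridgeSecret = new SecureRandom().nextInt(Integer.MAX_VALUE);

    int getBridgeSecret() { return bridgeSecret; } // package-private: not callable from JS

    /** The only method exposed to page JavaScript on API 17+. */
    @JavascriptInterface
    public String exec(int secret, String service, String action, String args) {
        if (secret != bridgeSecret) {
            // Wrong or missing secret: refuse and leave an audit trail instead of executing.
            Log.w(TAG, "Bridge call rejected: bad secret for " + service + "." + action);
            return null;
        }
        return dispatch(service, action, args);
    }

    // Not annotated (and private): invisible to JavaScript regardless of API level.
    private String dispatch(String service, String action, String args) {
        return "ok:" + service + "." + action; // placeholder for the app's own routing
    }

    /** Attach the bridge only where the @JavascriptInterface restriction is enforced. */
    public static HardenedBridge attach(WebView webView) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1) {
            // Before API 17 every public method of the object is reachable from page JS
            // via reflection, so the object is not exposed at all on such devices.
            Log.i(TAG, "addJavascriptInterface bridge disabled on API " + Build.VERSION.SDK_INT);
            return null;
        }
        HardenedBridge bridge = new HardenedBridge();
        webView.addJavascriptInterface(bridge, "_appNative");
        return bridge;
    }
}
```

The bundled script has to receive the secret from native code after the trusted page loads (for instance via evaluateJavascript); content injected from any other origin never sees it.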