Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/06/07 12:30:58 UTC

[GitHub] [cordova-android] Hanzofm opened a new issue #740: Problem security audit and code correctness

URL: https://github.com/apache/cordova-android/issues/740
 
 
   # Bug Report
   
   ## Problem
   
   Recently we submitted our Ionic app for a security audit, and this is the report about Cordova-Android:
   **-Vulnerability**: Code Correctness: Double-Checked Locking
   **-Description:** The method relies on double-checked locking, an incorrect idiom that does not achieve the intended effect.
   **-Fortify Priority:** High.
   **-Fortify Priority:** Exploitable.
   
   **-Sink:**
   
   ```
   File Path : project/node_modules/cordova-android/framework/src/org/apache/cordova/NativeToJsMessageQueue.java Line Number : 93
   if (newMode != null) {
                           newMode.reset();
                           if (!paused && !queue.isEmpty()) {
                               newMode.onNativeToJsMessageAvailable(this);
                           }
   ```
   
   **Recommendation:**
   Avoid double null-checking, which adds to code complexity and maintenance burden. Synchronize and then null check.
   
   **Environment**
   Ionic info:
   
   ```
   Ionic:
   
      ionic (Ionic CLI)  : 4.8.0
      Ionic Framework    : ionic-angular 3.9.2
      @ionic/app-scripts : 3.2.1
   
   Cordova:
   
      cordova (Cordova CLI) : 8.0.0
      Cordova Platforms     : android 7.1.4, ios 4.5.5
      Cordova Plugins       : no whitelisted plugins (14 plugins total)
   
   System:
   
      Android SDK Tools : 26.1.1 (/Users/user/Library/Android/sdk)
      ios-deploy        : 1.9.2
      ios-sim           : 7.0.0
      NodeJS            : v9.9.0 (/usr/local/bin/node)
      npm               : 5.7.1
      OS                : macOS Mojave
      Xcode             : Xcode 10.2 Build version 10E125
   ```
   
   The version of Cordova-android is 7.1.4, but in version 8.0.0 the problem persists.
   
   Should it be fixed?
   
   
   

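The idiom named in the audit finding, shown next to the recommended lock-then-check form and the volatile variant that is valid under the Java 5+ memory model. This is an added illustration, not part of the original issue and not Cordova's code; `Mode`, `UnsafeDcl`, `LockThenCheck`, `VolatileDcl` and `distinctInstances` are hypothetical names.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

public class DoubleCheckedLockingDemo {
    static final class Mode { int id = 1; } // hypothetical shared object, non-final state on purpose

    // Flagged shape: the outer check reads a plain field without the lock (no happens-before edge).
    static final class UnsafeDcl {
        private Mode mode;
        Mode get() {
            if (mode == null) {
                synchronized (this) { if (mode == null) mode = new Mode(); }
            }
            return mode; // may be a reference whose fields are not yet visible to this thread
        }
    }
    // The report's recommendation: synchronize first, then null check.
    static final class LockThenCheck {
        private Mode mode;
        synchronized Mode get() {
            if (mode == null) mode = new Mode();
            return mode;
        }
    }
    // Double-checked locking that is valid since Java 5: volatile field, read once into a local.
    static final class VolatileDcl {
        private volatile Mode mode;
        Mode get() {
            Mode m = mode;
            if (m != null) return m;
            synchronized (this) {
                if (mode == null) mode = new Mode();
                return mode;
            }
        }
    }
    // Calls the getter from 8 threads; returns how many distinct instances they saw.
    static int distinctInstances(Supplier<Mode> getter) throws InterruptedException {
        Set<Mode> seen = ConcurrentHashMap.newKeySet();
        Thread[] ts = new Thread[8];
        for (int i = 0; i < ts.length; i++) (ts[i] = new Thread(() -> seen.add(getter.get()))).start();
        for (Thread t : ts) t.join();
        return seen.size();
    }
    public static void main(String[] args) throws InterruptedException {
        System.out.println("lock-then-check instances: " + distinctInstances(new LockThenCheck()::get));
        System.out.println("volatile DCL instances:    " + distinctInstances(new VolatileDcl()::get));
    }
}
```

`main` exercises only the two safe forms, because the visibility race in `UnsafeDcl` depends on JIT and hardware reordering and cannot be reproduced reliably in a short run.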