Improperly Exposed Directories to FileProvider
OWASP category: MASVS-STORAGE: Storage (https://mas.owasp.org/MASVS/05-MASVS-STORAGE)

Overview

An improperly configured FileProvider can unintentionally expose files and directories to an attacker. Depending on the configuration, an attacker can read from or write to the exposed files, which in turn can lead to exfiltration of sensitive information or, in the worst case, arbitrary code execution. For example, an application with <root-path> set in its configuration could let an attacker read sensitive information stored in the app's databases or overwrite the app's native libraries, leading to arbitrary code execution.
Impact

The impact varies with the configuration and the file content, but it generally amounts to data leakage (when the exposed files can be read) or file overwriting (when they can be written).
Mitigations

Do not use the <root-path> path element in the configuration

<root-path> corresponds to the root directory of the device (/). Allowing it in the configuration provides arbitrary access to files and folders, including the app's sandbox and the /sdcard directory, which offers an attacker a very broad attack surface.
Share narrow path ranges

In the path configuration file, avoid sharing a broad path range such as . or /; doing so can expose sensitive files by mistake. Share only a limited, narrower path range and make sure that only the files you intend to share are located under it.
A typical configuration file with safer settings could look like this:

Xml
    <paths>
        <files-path name="images" path="images/" />
        <files-path name="docs" path="docs" />
        <cache-path name="cache" path="net-export/" />
    </paths>
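As an added example that is not part of the original page, the following Python script checks a FileProvider paths file for the weak settings described in the two mitigations above: a <root-path> element, a broad path such as . or /, and a missing path attribute (which makes FileProvider share the element's whole base directory). It runs against a constructed unsafe configuration and against the safer configuration shown on the page. The unsafe XML, the severity labels and the function names are assumptions made for this example; the element names are the ones FileProvider accepts.

```python
import xml.etree.ElementTree as ET

# Constructed unsafe configuration (example input, not from the page).
UNSAFE_PATHS_XML = """<paths>
    <root-path name="everything" path="/" />
    <files-path name="all_files" path="." />
    <external-path name="shared" path="exports/" />
</paths>
"""

# The safer configuration shown on the page.
SAFE_PATHS_XML = """<paths>
    <files-path name="images" path="images/" />
    <files-path name="docs" path="docs" />
    <cache-path name="cache" path="net-export/" />
</paths>
"""

# Path elements FileProvider understands; anything else is a configuration error.
KNOWN_ELEMENTS = {
    "files-path", "cache-path", "external-path", "external-files-path",
    "external-cache-path", "external-media-path", "root-path",
}


def is_broad_path(path):
    """True for an empty, '.', '/' or './' path: the whole base directory is shared."""
    return path.strip("/") in ("", ".")


def lint_paths_xml(xml_text):
    """Return (severity, element name, message) findings for a paths XML file."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "paths":
        return [("error", root.tag, "root element must be <paths>")]
    for elem in root:
        name = elem.get("name", "?")
        if elem.tag not in KNOWN_ELEMENTS:
            findings.append(("error", name, f"unknown element <{elem.tag}>"))
            continue
        if elem.tag == "root-path":
            findings.append(("high", name, "<root-path> exposes the device root (/)"))
        # A missing path attribute shares the element's whole base directory.
        path = elem.get("path", "")
        if is_broad_path(path):
            findings.append(("high", name, f"broad path {path!r} shares the whole directory"))
        if elem.tag.startswith("external"):
            findings.append(("info", name, "external storage: confirm the shared data is not sensitive"))
    return findings


if __name__ == "__main__":
    for label, xml in (("unsafe", UNSAFE_PATHS_XML), ("safe", SAFE_PATHS_XML)):
        print(f"{label}: {lint_paths_xml(xml) or 'no findings'}")
```

Running the script reports three high-severity findings and one informational finding for the constructed configuration and nothing for the page's safer one. The check is deliberately conservative: a path attribute that is absent, ".", "/" or "./" is treated the same way, because FileProvider resolves all of them to the element's entire base directory.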
Check and validate external URIs

Validate external URIs (those using the content scheme) and make sure they do not point at your application's own local files. This prevents inadvertent information leaks.
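The validation described above, as an added example that is not from the original page, written in Python so that it runs stand-alone; an Android component would apply the same three rules to the scheme, authority and path segments of the incoming Uri. The provider authority com.example.app.fileprovider, the sample URIs and the function name are constructed placeholders for this example.

```python
from urllib.parse import unquote, urlsplit

# Assumed authority of this app's own FileProvider (placeholder, not from the page).
OWN_PROVIDER_AUTHORITIES = {"com.example.app.fileprovider"}


def validate_external_uri(uri, own_authorities=OWN_PROVIDER_AUTHORITIES):
    """Return (accepted, reason) for a URI received from another app.

    Accepts only content:// URIs, rejects any that name this app's own provider
    (a URI the app would otherwise resolve against its own private files), and
    rejects traversal segments after percent-decoding, so an encoded ".." is
    not waved through just because the raw string looked harmless.
    """
    parts = urlsplit(uri)
    if parts.scheme != "content":
        return False, f"unexpected scheme {parts.scheme!r}"
    if not parts.netloc:
        return False, "missing authority"
    if parts.netloc.lower() in own_authorities:
        return False, "URI targets this app's own provider"
    segments = unquote(parts.path).split("/")
    if any(seg in ("..", ".") for seg in segments):
        return False, "path contains traversal segments"
    return True, "ok"


# Constructed sample URIs (not from the page).
SAMPLE_URIS = [
    "content://com.android.providers.media.documents/document/image%3A42",
    "content://com.example.app.fileprovider/docs/secret.db",
    "file:///data/data/com.example.app/databases/app.db",
    "content://other.provider/files/..%2Fprivate",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(uri, "->", validate_external_uri(uri))
```

Only the first sample URI is accepted; the other three are rejected for naming the app's own provider, for not using the content scheme, and for carrying an encoded traversal segment. Keep the set of own authorities in sync with the android:authorities value declared for the provider in the manifest, or the authority check silently passes everything.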
Grant minimum access permissions

A content URI can carry both read and write access permissions. Make sure that only the minimum required access permission is granted. For example, if only read permission is required, explicitly grant only FLAG_GRANT_READ_URI_PERMISSION.
Avoid using <external-path> for storing or sharing sensitive information

Sensitive data such as personally identifiable information (PII) should not be stored outside the application container or the system credential storage facilities. Therefore, avoid the <external-path> element unless you have explicitly verified that the information being stored or shared is not sensitive.
Resources

- FileProvider documentation (/reference/androidx/core/content/FileProvider)
- Vulnerability on using <root-path>: https://hackerone.com/reports/876192
Last updated (UTC): 2023-12-08.