언어 설정

Menu
Sites
Language
Security vulnerabilities in WebApp is detected. 
Hi. Problem with certification. Application rejected with defect
"Security vulnerabilities in WebApp is detected. For more information
about the issue, please refer to the attached file.". Attached file is a
list of methods from JayData library with name "executeQuery" and the
line number in the file. Example:

cmd.executeQuery [SqLiteProvider.js]
sqlCommand.executeQuery [SqLiteProvider.js]
operationProvider.storageProvider.executeQuery
[IndexedDbProvider.min.js, IndexedDbProvider.js]
f.storageProvider.executeQuery [jaydata.min.js]
command.executeQuery [SqLiteProvider.js]
e.entityContext.executeQuery [jaydata.min.js]
data.QueryCache.executeQuery [jaydata.min.js]
g.executeQuery [SqLiteProvider.min.js]
a.executeQuery [jaydata.min.js]
this.entityContext.executeQuery [jaydata.min.js]

There is no explanation of category of vulnerabilities and how to
reproduce it. I think that this is result of automatic code scanner work
and just a mistake, but in comments to issue no one answered.

Who ever encountered a problem like this? How to solve?

Content ID 000000004857
Defect ID 2218460
 
목록

Responses

8 댓글
Lakshmi Grandhi
Hi, Did you add correct privileges for usage of database in your application "http://tizen.org/privilege/unlimitedstorage"
Вячеслав Зайцев
Thanks for the reply. Yes, this privilege is not specified. This is the security vulnerability? It is necessary to add the privilege and send the application again?
Lakshmi Grandhi
Hi, In the below link specified if you app excceds the limited database size then it should include this privilege https://developer.tizen.org/help/topic/org.tizen.web.appprogramming/html/basics_tizen_programming/web_security_privacy.htm From logs i can see this is missing. I am not sure whether this is the problem, try once uploading the widget with this privilege else check with tizen store support team for more details.
Вячеслав Зайцев
Adding privileges did not help to get certified. Security vulnerability still there :(
Lakshmi Grandhi
Hi, Please check your application using Ui Checker tool to know issues using this link https://source.tizen.org/compliance/application-compliance/web-application-checker-user-guide
Вячеслав Зайцев
Nothing interesting. Tizen Web App Checker supports only 2.1 platform. Perhaps for certification using the newer version 2.2 and that it is these errors, but it is not publicly available.
Lakshmi Grandhi
ok, i will check with team and get back to you
Вячеслав Зайцев
Renamed "executeQuery" methods in "thereIsNoSQLInjection". The problem is solved.