Security vulnerabilities in WebApp is detected.
Hi. Problem with certification. The application was rejected with the defect
"Security vulnerabilities in WebApp is detected. For more information
about the issue, please refer to the attached file.". The attached file is a
list of methods from the JayData library with the name "executeQuery" and the
line number in the file. Example:

cmd.executeQuery [SqLiteProvider.js]
sqlCommand.executeQuery [SqLiteProvider.js]
operationProvider.storageProvider.executeQuery [IndexedDbProvider.min.js, IndexedDbProvider.js]
f.storageProvider.executeQuery [jaydata.min.js]
command.executeQuery [SqLiteProvider.js]
e.entityContext.executeQuery [jaydata.min.js]
data.QueryCache.executeQuery [jaydata.min.js]
g.executeQuery [SqLiteProvider.min.js]
a.executeQuery [jaydata.min.js]
this.entityContext.executeQuery [jaydata.min.js]

There is no explanation of the category of vulnerabilities or how to
reproduce it. I think that this is the result of an automatic code scanner
and just a mistake, but no one has answered in the comments on the issue.

Has anyone encountered a problem like this? How can it be solved?

Content ID 000000004857
Defect ID 2218460
 

Responses

8 replies
Lakshmi Grandhi
Hi, did you add the correct privilege for database usage in your application, "http://tizen.org/privilege/unlimitedstorage"?
Вячеслав Зайцев
Thanks for the reply. Yes, this privilege is not specified. Is this the security vulnerability? Is it necessary to add the privilege and send the application again?
Lakshmi Grandhi
Hi, the link below specifies that if your app exceeds the limited database size then it should include this privilege: https://developer.tizen.org/help/topic/org.tizen.web.appprogramming/html/basics_tizen_programming/web_security_privacy.htm From the logs I can see this is missing. I am not sure whether this is the problem; try uploading the widget once with this privilege, or else check with the Tizen Store support team for more details.
Вячеслав Зайцев
Adding privileges did not help to get certified. Security vulnerability still there :(
Lakshmi Grandhi
Hi, please check your application using the Ui Checker tool to find out the issues, using this link: https://source.tizen.org/compliance/application-compliance/web-application-checker-user-guide
Вячеслав Зайцев
Nothing interesting. Tizen Web App Checker supports only the 2.1 platform. Perhaps certification uses the newer version 2.2, and that is what reports these errors, but it is not publicly available.
Lakshmi Grandhi
OK, I will check with the team and get back to you.
Вячеслав Зайцев
Renamed the "executeQuery" methods to "thereIsNoSQLInjection". The problem is solved.