Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Android - Information leakage flaw OutputStream

    • 0
    • 0
    • 0
    • 1
    • 0
    • 0
    • 0
    • 363
    Answer it

    I have developed an application in the Cordova Framework, and I have added a camera plugin for capture functionality.

    I am getting an Information Leakage flaw in the code below i think i need to initialize , using veracode to scan APK. Do i need to initialize OutputStream?

    OutputStream os = this.cordova.getActivity().getContentResolver().openOutputStream(uri);
    try {
        bitmap.compress(Bitmap.CompressFormat.JPEG, this.mQuality, os);
        os.close();
    } finally {
        if (os != null) {
            os.close();
        }
    }

 1 Answer(s)

  • Hi,
    Please compare your code from line 535 of CameraLauncher.java file:

    Uri uri = Uri.fromFile(createCaptureFile(this.encodingType, System.currentTimeMillis() + ""));
    bitmap = getScaledBitmap(sourcePath);
    
    // Double-check the bitmap.
    if (bitmap == null) {
        Log.d(LOG_TAG, "I either have a null image path or bitmap");
        this.failPicture("Unable to create bitmap!");
        return;
    }
    
    if (rotate != 0 && this.correctOrientation) {
        bitmap = getRotatedBitmap(rotate, bitmap, exif);
    }
    
    // Add compressed version of captured image to returned media store Uri
    OutputStream os = this.cordova.getActivity().getContentResolver().openOutputStream(uri);
    CompressFormat compressFormat = encodingType == JPEG ?
            CompressFormat.JPEG :
            CompressFormat.PNG;
    
    bitmap.compress(compressFormat, this.mQuality, os);
    os.close();
    
    // Restore exif data to file
    if (this.encodingType == JPEG) {
        String exifPath;
        exifPath = uri.getPath();
        exif.createOutFile(exifPath);
        exif.writeExifData();
    }
    
    // Send Uri back to JavaScript for viewing image
    this.callbackContext.success(uri.toString());
    

    Also, I am using cordova 6.1.0 version and camera plugin working fine.

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: