Code Injection: ExifInterface can lead to DoS or RCE :: Recipe Details

Recipe Name:

Code Injection: ExifInterface can lead to DoS or RCE

Description:

This text will be shown as a tooltip when code violates this recipe

Level:

error

Language:

java

Tags:

security
framework specific
mobile
Android

Documentation

android.media.ExifInterface can lead to Denial of service attacks or code injection. Use android.support.media.ExifInterface instead.

Correct code example

import android.support.media.ExifInterface;

In order to add this package to your dependencies add the following line of code to your gradle file:

compile "com.android.support:exifinterface:25.1.0"

Resources

Recipe

id: scw:android:exifinterface
version: 10
metadata:
  name: 'Code Injection: ExifInterface can lead to DoS or RCE'
  shortDescription: This text will be shown as a tooltip when code violates this recipe
  level: error
  language: java
  scwCategory: injection:code
  enabled: true
  comment: java_android_avoid_androidmediaexifinterface.html
  descriptionFile: descriptions/Code_Injection__ExifInterface_can_lead_to_DoS_or_RCE.html
  tags: security;framework specific;mobile;Android
search:
  import:
    path: android.media.ExifInterface
availableFixes:
- name: Replace with android.support.media.ExifInterface
  actions:
  - rewrite:
      to: android.support.media.ExifInterface