Improper verification of Intent High

A broadcast receiver is registered without specifying a broadcast permission. Other applications can then send potentially malicious broadcasts to it, so it is important to limit which applications can send broadcasts to the receiver.

Detector ID
kotlin/improper-verification-of-intent@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

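import android.content.BroadcastReceiver
import android.content.Context
import android.content.IntentFilter
import android.os.Handler

// Noncompliant: Intent receiver method is registered without specifying any broadcast permission
fun noncompliant(
    context: Context, receiver: BroadcastReceiver?,
    filter: IntentFilter?,
    scheduler: Handler?,
    flags: Int
) {
    // Two-argument overload: any application can send broadcasts to this receiver
    context.registerReceiver(receiver, filter) // Sensitive

    // Three-argument overload: still no broadcast permission
    context.registerReceiver(receiver, filter, flags) // Sensitive
}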

Compliant example

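import android.content.BroadcastReceiver
import android.content.Context
import android.content.IntentFilter
import android.os.Handler

// Compliant: Intent receiver method is registered with a limiting broadcasting permission.
fun compliant(
    context: Context, receiver: BroadcastReceiver?,
    filter: IntentFilter?,
    broadcastPermission: String?,
    scheduler: Handler?,
    flags: Int
) {
    // Only senders that hold broadcastPermission can deliver broadcasts to this receiver
    context.registerReceiver(receiver, filter, broadcastPermission, scheduler)
}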
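
The rule described above can be approximated with a small source check. The following is an added example, not the detector's own implementation: it flags `Context.registerReceiver` calls in Kotlin source that omit the broadcast permission argument, and also calls that pass a literal `null` for it. The function names, the sample source and the `com.example` strings are constructed for illustration.

```python
import re

CALL = re.compile(r"\bregisterReceiver\s*\(")

def split_args(src, start):
    """Split the argument list that begins just after '(' at index start.
    Nesting is tracked so commas inside nested calls are not split on.
    Limitation: brackets or commas inside string literals are not handled."""
    args, depth, cur = [], 0, []
    for ch in src[start:]:
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:  # closing paren of the registerReceiver call
                tail = "".join(cur).strip()
                return args + [tail] if tail else args
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return None  # unbalanced call: ignore

def find_unprotected(source):
    """Return (line, reason) for each call that sets no broadcast permission."""
    findings = []
    for m in CALL.finditer(source):
        args = split_args(source, m.end())
        if args is None:
            continue
        line = source.count("\n", 0, m.start()) + 1
        # Context.registerReceiver overloads: (receiver, filter), (receiver, filter, flags),
        # (receiver, filter, broadcastPermission, scheduler[, flags])
        if len(args) in (2, 3):
            findings.append((line, "no broadcastPermission argument"))
        elif len(args) in (4, 5) and args[2] == "null":
            findings.append((line, "broadcastPermission is null"))
    return findings

# Constructed sample input, not taken from a real project
SAMPLE = '''\
fun register(context: Context, r: BroadcastReceiver?, h: Handler?, flags: Int) {
    context.registerReceiver(r, IntentFilter("com.example.ACTION_SYNC"))
    context.registerReceiver(r, IntentFilter("com.example.ACTION_SYNC"), flags)
    context.registerReceiver(r, IntentFilter("com.example.ACTION_SYNC"), null, h)
    context.registerReceiver(r, IntentFilter("com.example.ACTION_SYNC"), "com.example.permission.SYNC", h)
}
'''

if __name__ == "__main__":
    for line, reason in find_unprotected(SAMPLE):
        print(f"line {line}: {reason}")
```

A permission passed as a variable, as in the compliant example, is not flagged here even though it could be `null` at run time; catching that needs data-flow analysis rather than a textual check.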