mobsf.mobsfscan.android.word_readable_writable.world_writeable

MobSF
Author: unknown

The file is World Readable and Writable. Any App can read/write to the file.
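An added example (not from the MobSF rule page or project) showing the call shape this rule flags next to a private-mode replacement. The class, method, file and preference names are hypothetical.

```java
import android.content.Context;
import android.content.SharedPreferences;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Hypothetical helper class for illustration; all names are constructed.
public final class TokenStore {
    private static final String FILE_NAME = "session_token.txt"; // constructed sample name
    private static final String PREFS_NAME = "session_prefs";    // constructed sample name

    private TokenStore() {}

    // FLAGGED: the expression Context.MODE_WORLD_WRITEABLE matches the rule pattern.
    // The constant is deprecated since API 17, and on API 24+ passing it
    // throws SecurityException instead of creating the file.
    @SuppressWarnings("deprecation")
    static void saveInsecure(Context ctx, String token) throws IOException {
        try (FileOutputStream out =
                 ctx.openFileOutput(FILE_NAME, Context.MODE_WORLD_WRITEABLE)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    // FLAGGED: same constant used for SharedPreferences.
    @SuppressWarnings("deprecation")
    static SharedPreferences prefsInsecure(Context ctx) {
        return ctx.getSharedPreferences(PREFS_NAME, Context.MODE_WORLD_WRITEABLE);
    }

    // NOT FLAGGED: MODE_PRIVATE keeps the file accessible only to the
    // app's own UID (and apps sharing that UID).
    static void savePrivate(Context ctx, String token) throws IOException {
        try (FileOutputStream out =
                 ctx.openFileOutput(FILE_NAME, Context.MODE_PRIVATE)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    // NOT FLAGGED: private preferences file.
    static SharedPreferences prefsPrivate(Context ctx) {
        return ctx.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
    }
}
```

When another app genuinely needs the data, expose it through a `ContentProvider` or `FileProvider` with per-URI permission grants rather than widening the file mode.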

Definition

rules:
  - id: world_writeable
    patterns:
      - pattern-either:
          - pattern: |
              Context.MODE_WORLD_WRITEABLE
    message: The file is World Readable and Writable. Any App can read/write to the
      file.
    languages:
      - java
    severity: WARNING
    metadata:
      cwe: cwe-276
      owasp-mobile: m2
      masvs: storage-2
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other