Open
Description
Bug Report
Problem
Recently we submitted our Ionic app for a security audit, and this is the report about Cordova-Android:
- Vulnerability: Code Correctness: Double-Checked Locking
- Description: The method relies on double-checked locking, an incorrect idiom that does not achieve the intended effect.
- Fortify Priority: High.
- Fortify Priority: Exploitable.
- Sink:
File Path : project/node_modules/cordova-android/framework/src/org/apache/cordova/NativeToJsMessageQueue.java Line Number : 93
```java
if (newMode != null) {
    newMode.reset();
    if (!paused && !queue.isEmpty()) {
        newMode.onNativeToJsMessageAvailable(this);
    }
}
```
Recommendation:
Avoid double null-checking, which adds code complexity and maintenance burden. Synchronize and then null-check.
Environment
Ionic info:
Ionic:
ionic (Ionic CLI) : 4.8.0
Ionic Framework : ionic-angular 3.9.2
@ionic/app-scripts : 3.2.1
Cordova:
cordova (Cordova CLI) : 8.0.0
Cordova Platforms : android 7.1.4, ios 4.5.5
Cordova Plugins : no whitelisted plugins (14 plugins total)
System:
Android SDK Tools : 26.1.1 (/Users/user/Library/Android/sdk)
ios-deploy : 1.9.2
ios-sim : 7.0.0
NodeJS : v9.9.0 (/usr/local/bin/node)
npm : 5.7.1
OS : macOS Mojave
Xcode : Xcode 10.2 Build version 10E125
The version of cordova-android is 7.1.4, but in version 8.0.0 the problem persists.
Should it be fixed?
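The idiom the audit describes, as an added example that is not Cordova's code: the broken double-checked-locking form beside the two variants that are correct under the Java Memory Model (the `LazyHolder` and `Resource` names are assumptions).

```java
// Added example (not Cordova's code): the double-checked locking idiom that
// Fortify flags, beside the two forms that are safe under the Java Memory Model.
// LazyHolder and Resource are hypothetical names.
public final class LazyHolder {
    static final class Resource {
        final long createdAt = System.nanoTime();
    }

    // BROKEN: the field is not volatile, so a second thread can see a non-null
    // reference before the writes made by Resource's constructor are visible.
    private static Resource unsafeInstance;

    static Resource getUnsafe() {
        if (unsafeInstance == null) {                 // unsynchronized first check
            synchronized (LazyHolder.class) {
                if (unsafeInstance == null) {         // second check
                    unsafeInstance = new Resource();  // publication may be reordered
                }
            }
        }
        return unsafeInstance;
    }

    // FIX 1 (the audit's recommendation): synchronize first, then null-check.
    private static Resource syncInstance;

    static synchronized Resource getSynchronized() {
        if (syncInstance == null) {
            syncInstance = new Resource();
        }
        return syncInstance;
    }

    // FIX 2 (Java 5+): keep the double check but make the field volatile, so the
    // write of the fully constructed object happens-before any read that sees it.
    private static volatile Resource volatileInstance;

    static Resource getVolatile() {
        Resource r = volatileInstance;                // one volatile read on the fast path
        if (r == null) {
            synchronized (LazyHolder.class) {
                r = volatileInstance;
                if (r == null) {
                    volatileInstance = r = new Resource();
                }
            }
        }
        return r;
    }
}
```

Static analyzers such as Fortify flag the first form because, without `volatile`, the JMM permits the reference to become visible before the object's fields are initialized; either fix removes that window.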