id: insecure-provider-path

info:
  name: Android Insecure Provider Path - Detect
  author: gaurang
  severity: medium
  description: Android insecure provider path was detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  tags: android,file

file:
  - extensions:
      - all

    matchers:
      - type: regex
        regex:
          - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\""
          - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\""

# Enhanced by md on 2023/05/02