Hi,
I am facing a security check alert in photo_manager Android.
Here is the detail:
Overwriting arbitrary files via attacker-controlled output file paths
Vulnerability Description
An attacker can write arbitrary content to an arbitrary file because the attacker controls both the content to be written and the file path. In most cases, this could lead to the manipulation of various settings, user sessions, and history. In cases where an application uses dynamic code loading, an attacker can achieve arbitrary code execution by overwriting native libraries or scripts.
https://cwe.mitre.org/data/definitions/23.html
https://cwe.mitre.org/data/definitions/73.html
https://cwe.mitre.org/data/definitions/285.html
Here is the code in photo manager:
They say photo manager uses assetEntity.displayName for the file name, which may be a risk.
Can we use another string? E.g., generate a GUID?
I hope we can pass this check; otherwise, we need to find another solution.
Thanks.
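
An added example, not part of the original post and not photo_manager's own code: one way to build an output path from an untrusted display name so that it cannot leave the target directory, with the GUID naming the post asks about as an option. The helper `safeOutputFile`, its parameters and the sample names are assumptions made for illustration.

```kotlin
import java.io.File
import java.io.IOException
import java.util.UUID

// Hypothetical helper (not photo_manager API): resolve an output file inside
// baseDir without trusting the provider-supplied display name.
fun safeOutputFile(baseDir: File, displayName: String?, useRandomName: Boolean = false): File {
    val base = baseDir.canonicalFile

    // Reduce the untrusted name to its last path segment and a conservative
    // character set; names made only of dots ("." / "..") collapse to "".
    val leaf = displayName
        ?.replace('\\', '/')
        ?.substringAfterLast('/')
        ?.filter { it.isLetterOrDigit() || it in "._- " }
        ?.trim('.', ' ')
        .orEmpty()

    // GUID naming: keeps at most a short extension from the original name.
    // Also used as the fallback when nothing usable is left of the name.
    val name = if (useRandomName || leaf.isEmpty()) {
        val ext = leaf.substringAfterLast('.', "").take(8)
        UUID.randomUUID().toString() + if (ext.isNotEmpty()) ".$ext" else ""
    } else {
        leaf
    }

    // Defence in depth: after canonicalisation the file must still be a
    // direct child of baseDir, otherwise refuse to write.
    val target = File(base, name).canonicalFile
    if (target.parentFile != base) {
        throw IOException("Refusing to write outside ${base.path}")
    }
    return target
}

fun main() {
    val cache = File(System.getProperty("java.io.tmpdir"), "pm_cache").apply { mkdirs() }
    // Constructed sample display names, including traversal attempts.
    for (n in listOf("IMG_0001.jpg", "../../shared_prefs/app.xml", "..", null)) {
        println("$n -> ${safeOutputFile(cache, n).path}")
    }
    println(safeOutputFile(cache, "IMG_0001.jpg", useRandomName = true).path)
}
```

With `useRandomName = true` two assets that share a display name also stop overwriting each other in the same directory.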