mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
67 lines
2.7 KiB
Diff
67 lines
2.7 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Kiran Ramachandra <kiranmr@google.com>
|
||
|
Date: Wed, 5 Jun 2024 21:03:33 +0000
|
||
|
Subject: [PATCH] DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme
|
||
|
delimiter
|
||
|
|
||
|
Initially considered removing unsupported characters as per IANA guidelines, but this could break applications that use custom schemes with asterisks. Instead, opted to remove only the "://" to minimize disruption
|
||
|
|
||
|
Bug: 261721900
|
||
|
Test: atest FrameworksCoreTests:android.net.UriTest
|
||
|
|
||
|
No-Typo-Check: The unit test is specifically written to test few cases, string "http://https://" is not a typo
|
||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1fd0421801c391dd619cafeeea8d379a9029074a)
|
||
|
Merged-In: I88b1550a5d8b3dc0f6286e28899884025d059645
|
||
|
Change-Id: I88b1550a5d8b3dc0f6286e28899884025d059645
|
||
|
---
|
||
|
core/java/android/net/Uri.java | 6 +++++-
|
||
|
core/tests/coretests/src/android/net/UriTest.java | 11 +++++++++++
|
||
|
2 files changed, 16 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
|
||
|
index 84fc4f78edc4..4446f09bc874 100644
|
||
|
--- a/core/java/android/net/Uri.java
|
||
|
+++ b/core/java/android/net/Uri.java
|
||
|
@@ -1380,7 +1380,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
|
||
|
* @param scheme name or {@code null} if this is a relative Uri
|
||
|
*/
|
||
|
public Builder scheme(String scheme) {
|
||
|
- this.scheme = scheme;
|
||
|
+ if (scheme != null) {
|
||
|
+ this.scheme = scheme.replace("://", "");
|
||
|
+ } else {
|
||
|
+ this.scheme = null;
|
||
|
+ }
|
||
|
return this;
|
||
|
}
|
||
|
|
||
|
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
|
||
|
index 670aefd21d36..17a37831afdb 100644
|
||
|
--- a/core/tests/coretests/src/android/net/UriTest.java
|
||
|
+++ b/core/tests/coretests/src/android/net/UriTest.java
|
||
|
@@ -18,6 +18,7 @@ package android.net;
|
||
|
|
||
|
import android.content.ContentUris;
|
||
|
import android.os.Parcel;
|
||
|
+import android.platform.test.annotations.AsbSecurityTest;
|
||
|
|
||
|
import androidx.test.filters.SmallTest;
|
||
|
|
||
|
@@ -88,6 +89,16 @@ public class UriTest extends TestCase {
|
||
|
assertNull(u.getHost());
|
||
|
}
|
||
|
|
||
|
+ @AsbSecurityTest(cveBugId = 261721900)
|
||
|
+ @SmallTest
|
||
|
+ public void testSchemeSanitization() {
|
||
|
+ Uri uri = new Uri.Builder()
|
||
|
+ .scheme("http://https://evil.com:/te:st/")
|
||
|
+ .authority("google.com").path("one/way").build();
|
||
|
+ assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
|
||
|
+ assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
|
||
|
+ }
|
||
|
+
|
||
|
@SmallTest
|
||
|
public void testStringUri() {
|
||
|
assertEquals("bob lee",
|