16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
55 lines
1.5 KiB
Plaintext
55 lines
1.5 KiB
Plaintext
== How to fix it in Android
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
public class Noncompliant extends AppCompatActivity {
|
|
@Override
|
|
protected void onCreate(Bundle savedInstanceState) {
|
|
Intent intent = getIntent();
|
|
Intent forward = (Intent) intent.getParcelableExtra("anotherintent");
|
|
startActivity(forward); // Noncompliant
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
public class MainActivity extends AppCompatActivity {
|
|
@Override
|
|
protected void onCreate(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
|
|
Intent intent = getIntent();
|
|
Intent forward = (Intent) intent.getParcelableExtra("anotherintent");
|
|
|
|
ComponentName name = forward.resolveActivity(getPackageManager());
|
|
if (name.getPackageName().equals("safePackage") &&
|
|
name.getClassName().equals("safeClass")) {
|
|
startActivity(forward);
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
include::../../common/fix/destination.adoc[]
|
|
|
|
The example compliant code uses the `resolveActivity` method of the inner intent
|
|
to determine its target component. It then uses the `getPackageName` and
|
|
`getClassName` methods to validate this destination is not sensitive.
|
|
|
|
include::../../common/fix/origin.adoc[]
|
|
|
|
include::../../common/fix/permissions.adoc[]
|