rspec/rules/S6384/java/how-to-fix-it/android.adoc

== How to fix it in Android

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,java,diff-id=1,diff-type=noncompliant]
----
public class MainActivity extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent intent = getIntent();
        Intent forward = (Intent) intent.getParcelableExtra("anotherintent");
        startActivity(forward);
    }
}
----

==== Compliant solution

[source,java,diff-id=1,diff-type=compliant]
----
public class MainActivity extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent intent = getIntent();
        Intent forward = (Intent) intent.getParcelableExtra("anotherintent");
        ComponentName name = forward.resolveActivity(getPackageManager());
        if (name.getPackageName().equals("safePackage") && name.getClassName().equals("safeClass")) {
            startActivity(forward);
        }
    }
}
----

=== How does this work?

include::../../common/fix/introduction.adoc[]

include::../../common/fix/destination.adoc[]

The example compliant code uses the `resolveActivity` method of the inner intent
to determine its target component. It then uses the `getPackageName` and
`getClassName` methods to validate this destination is not sensitive.

include::../../common/fix/origin.adoc[]

include::../../common/fix/permissions.adoc[]