48 lines
1.3 KiB
Plaintext
48 lines
1.3 KiB
Plaintext
== How to fix it in Android
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,kotlin,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
class MainActivity : AppCompatActivity() {
|
|
override fun onCreate(savedInstanceState: Bundle?) {
|
|
super.onCreate(savedInstanceState)
|
|
val forward = intent.getParcelableExtra("anotherintent") as? Intent
|
|
startActivity(forward)
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,kotlin,diff-id=1,diff-type=compliant]
|
|
----
|
|
class MainActivity : AppCompatActivity() {
|
|
override fun onCreate(savedInstanceState: Bundle?) {
|
|
super.onCreate(savedInstanceState)
|
|
val forward = intent.getParcelableExtra("anotherintent") as? Intent
|
|
val name = forward?.resolveActivity(packageManager)
|
|
if (name?.packageName == "safePackage" && name.className == "safeClass")
|
|
startActivity(forward)
|
|
}
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
include::../../common/fix/destination.adoc[]
|
|
|
|
The example compliant code uses the `resolveActivity` method of the inner intent
|
|
to determine its target component. It then uses the `packageName` and
|
|
`className` properties to validate this destination is not sensitive.
|
|
|
|
include::../../common/fix/origin.adoc[]
|
|
|
|
include::../../common/fix/permissions.adoc[]
|