97668ae137233a1176b78aa3442ce5f1fdc978d1 |
|
31-Jan-2018 |
Android Build Merger (Role) <noreply-android-build-merger@google.com> |
[automerger] Adjust URI host parsing to stop on \ character. am: fa3afbd0e7 Change-Id: I20336a5786e753e6941b9a784068480475415110
|
fa3afbd0e7a9a0d8fc8c55ceefdb4ddf9d0115af |
|
31-Jan-2018 |
Adam Vartanian <flooey@google.com> |
Adjust URI host parsing to stop on \ character. The WHATWG URL parsing algorithm [1] used by browsers says that for "special" URL schemes (which is basically all commonly-used hierarchical schemes, including http, https, ftp, and file), the host portion ends if a \ character is seen, whereas this class previously continued to consider characters part of the hostname. This meant that a malicious URL could be seen as having a "safe" host when viewed by an app but navigate to a different host when passed to a browser. [1] https://url.spec.whatwg.org/#host-state Bug: 71360761 Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch) Test: cts -m CtsNetTestCases (on NYC branch) Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
4158c9fbf321ec227bb30fb426cb5cf886f09125 |
|
07-Nov-2017 |
Adam Vartanian <flooey@google.com> |
Adjust Uri host parsing to use last instead of first @. am: cd6228dd37 am: 6a9c7c4814 Change-Id: I80bedf58833511d336839df9f17daf65cfebfacf
|
cd6228dd377b2a0caa02a1e6df92f3d9ae702a95 |
|
07-Nov-2017 |
Adam Vartanian <flooey@google.com> |
Adjust Uri host parsing to use last instead of first @. Malformed authority segments can currently cause the parser to produce a hostname that doesn't match the hostname produced by the WHATWG URL parsing algorithm* used by browsers, which means that a URL could be seen as having a "safe" host when checked by an Android app but actually visit a different host when passed to a browser. The WHATWG URL parsing algorithm always produces a hostname based on the last @ in the authority segment, so we do the same. * https://url.spec.whatwg.org/#authority-state resets the "buffer", which is being used to build up the host name, each time an @ is found, so it has the effect of using the content between the final @ and the end of the authority section as the hostname. Bug: 68341964 Test: vogar android.net.UriTest (on NYC branch) Test: cts -m CtsNetTestCases (on NYC branch) Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
3f24a1d94a42762c245a32272c797250a804cfc3 |
|
01-Apr-2015 |
Alex Klyubin <klyubin@google.com> |
Cleanse HTTP, HTTPS, and FTP URLs in Uri.toSafeString. This makes the hidden API android.net.Uri.toSafeString omit most parts of HTTP, HTTPS, and FTP URLs to avoid leaking anything unsafe. Only the host and port are retained for these URLs. Bug: 19215516 Change-Id: I2e9e33d9afaa9de5dd07a40532d56f0a2179f62a
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
846318a3250fa95f47a9decfbffb05a31dbd0006 |
|
04-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
Allow prefix-based Uri permission grants. Define new FLAG_GRANT_PREFIX_URI_PERMISSION which indicates that a Uri permission grant should also apply to any other Uris that have matching scheme, authority, and path segments. For example, a prefix grant for /foo/ would allow /foo/bar/ but not /foo2/. Allow persistable and prefix grants to be issued directly through grantUriPermission(). Relaxing persistable is fine, since it still requires the receiver to actively take the permission. Since exact- and prefix-match grants for the same Uri can coexist, we track them separately using a new UriGrant key. (Consider the case where an app separately extends READ|PREFIX and WRITE for the same Uri: we can't let that become READ|WRITE|PREFIX.) Fix revoke to always take away persisted permissions. Move prefix matching logic to Uri and add tests. Add new flags to "am" tool, and various internal uses around Intent and Context. Switch some lagging users to ArraySet. Bug: 10607375 Change-Id: Ia8ce2b88421ff9f2fe5a979a27a026fc445d46f1
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
0f28af209ac877091f4a096f7553f02a0b401596 |
|
29-Oct-2011 |
Jesse Wilson <jessewilson@google.com> |
Interpret '+' as a space char in the URL query params. This changes Uri.decode() to use libcore's implementation of the same behavior. Bug: http://code.google.com/p/android/issues/detail?id=21064 Change-Id: If81005492b12d3aaecc745471e0a28679544a391
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
47413708eb42753d891882f488c2d6399b298169 |
|
01-Dec-2010 |
Jesse Wilson <jessewilson@google.com> |
Add a test to demonstrate parsing of trailing URI parameters. Change-Id: I1fde21381cf74b5e4847bb2c2a9ef52f8ac6a2bb http://b/3124097
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
8bb37f7ffb24ab06576dd4225ab0a5e1828a0d07 |
|
07-Sep-2010 |
Steve Block <steveblock@google.com> |
Adds a test case for WebAddress where the path component does not have a leading slash When a URL is malformed because the path does not start with a slash, we assume that the path starts with the first character that is not valid in the host and insert a leading slash. This is the reason why the regex for the path component does not force a leading slash. Bug: 1011602 Change-Id: I8efe46c058d2ee2d1a6a4406ee25dc021315222b
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
582deec1f3c8f51b431bb2ad685c9217ffd9eaad |
|
06-Sep-2010 |
Steve Block <steveblock@google.com> |
Fixes a problem with URL parsing when the host ends with a dot The WebAddress class provides a lenient parser for URLs. Currently, it identifies the host portion with the regex [<chars>]+(\.[<chars>]+)* where <chars> is the set of characters valid for the host name. This pattern excludes the case where the host ends with a dot, which is valid possibility. As a result, any trailing dot is pushed into the path component. Since we add a leading slash to the path if one is missing, the result is a path that begins with '/.'. This fix changes the host regex to [<chars>]+[<chars>\.]* which allows trailing dots and fixes the problem. Bug: 2337042 Change-Id: I310512531787e0f742988f5d815ad944fd39e059
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
58a345936d7e2b66bdeefb492e4f777754792d7e |
|
19-Aug-2010 |
Ben Dodson <bjdodson@google.com> |
Added methods for managing uri query parameters Change-Id: Ic98c1bd159740dd4d895889079f9f2abae4fc2b9
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
9114a8bb8b241bb8d3be307b29e64ea64ab27901 |
|
11-May-2010 |
Keith Ito <kito@google.com> |
Fix for bug 2672749: StringIndexOutOfBoundsException in Uri.getQueryParameter Change-Id: I10b02306478d9c595dbcae0767b44c403d50e24a
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
e41c317348cfe23a78bfd97609c3489c6cc4a786 |
|
21-Mar-2010 |
Keith Ito <kito@google.com> |
Advance encodedKeySearchIndex if encodedKey matches a suffix of a parameter. Bug: 2524610 Change-Id: I51bbf8248133b61825d2ae14afe175cb4d0413b8
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|
1a44d5dcabc18cd5ef111f732ccff91683a1a093 |
|
13-Jan-2010 |
Neal Nguyen <tommyn@google.com> |
Phase 2 of test cleanup: moving test files from AndroidTests closer to their sources. Most of these are file moves; a couple notable exceptions are the changes due to the move, and fixing up test code: - database/DatabaseCursorTest.java - database/DatabaseStatementTest.java - net/UriTest.java
/frameworks/base/core/tests/coretests/src/android/net/UriTest.java
|