evgensorokin / opensudoku-android

Automatically exported from code.google.com/p/opensudoku-android
0 stars 0 forks source link

Invalid explicit intent makes the application access protected resources in OpenSudokuImportTask class #171

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Explicit intent that violates intent filter for activity FileImportActivity 
makes the application access the network in OpenSudokuImportTask class while 
attempting to get a .opensudoku file from a remote location.
Intent should be rejected before potentially causing security issues.

Violating intent is:
intent://192.168.39.169/android/nmjC.opensudoku;
scheme=http;
action=android.intent.action.SYNC;
category=android.intent.category.DEFAULT;
while action in the filter is defined as:
<action android:name="android.intent.action.VIEW"></action>

A JUnit test case to reproduce the scenario is attached

Original issue reported on code.google.com by andrea....@gmail.com on 31 Jan 2013 at 5:34

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by romario...@gmail.com on 10 Feb 2013 at 7:27