From 8c4aacd3548c30e7fc96fddc150fdf00145cb081 Mon Sep 17 00:00:00 2001
From: Tsung-Mao Fang
Date: Tue, 11 Feb 2020 17:16:20 +0800
Subject: [PATCH] Add a SaftyNet for security vulnerability

When we get an empty or null slice parameter, we see it as a vulnerability. It will cause null point exception.

Bug: 122836081
Test: See adb logcat event log
Change-Id: Id5ff11dd18b19184792be466aabb65229f777e81
---
 .../android/settings/slices/SliceDeepLinkSpringBoard.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/slices/SliceDeepLinkSpringBoard.java b/src/com/android/settings/slices/SliceDeepLinkSpringBoard.java
index ce036d25d8f..852f2861860 100644
--- a/src/com/android/settings/slices/SliceDeepLinkSpringBoard.java
+++ b/src/com/android/settings/slices/SliceDeepLinkSpringBoard.java
@@ -20,6 +20,7 @@ import android.net.Uri;
 import android.os.Bundle;
 import android.provider.Settings;
 import android.text.TextUtils;
+import android.util.EventLog;
 import android.util.Log;

 import com.android.settings.bluetooth.BluetoothSliceBuilder;
@@ -73,6 +74,11 @@ public class SliceDeepLinkSpringBoard extends Activity {

 private static Uri parse(Uri uri) {
 final String sliceParameter = uri.getQueryParameter(EXTRA_SLICE);
- return TextUtils.isEmpty(sliceParameter) ? null : Uri.parse(sliceParameter);
+ if (TextUtils.isEmpty(sliceParameter)) {
+ EventLog.writeEvent(0x534e4554, "122836081", -1, "");
+ return null;
+ } else {
+ return Uri.parse(sliceParameter);
+ }
 }
 }
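Review bot: `parse()` still calls `uri.getQueryParameter(EXTRA_SLICE)` on its argument before any check, so the new SafetyNet branch only covers a missing or empty `slice` value; a null `uri`, or an opaque URI for which `Uri.getQueryParameter` throws `UnsupportedOperationException`, would still raise before the event is logged. The caller is outside this hunk, so whether it already guards those cases cannot be confirmed here; if it does not, a guard at the top of `parse()` such as `if (uri == null || !uri.isHierarchical()) { EventLog.writeEvent(0x534e4554, "122836081", -1, ""); return null; }` would close the same crash path. The literal `0x534e4554` would read better as a named constant with a one-line comment saying it is the SafetyNet event-log tag. The value returned by `Uri.parse(sliceParameter)` is still taken from the incoming URI, so it should be validated where it is consumed.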