Add a SaftyNet for security vulnerability

When we get an empty or null slice parameter, we see it as a vulnerability. It will cause null point exception. Bug: 122836081 Test: See adb logcat event log Change-Id: Id5ff11dd18b19184792be466aabb65229f777e81
2020-02-11 17:16:20 +08:00
parent 23b7ca5576
commit 8c4aacd354
1 changed files with 7 additions and 1 deletions
--- a/src/com/android/settings/slices/SliceDeepLinkSpringBoard.java
+++ b/src/com/android/settings/slices/SliceDeepLinkSpringBoard.java
@@ -20,6 +20,7 @@ import android.net.Uri;
 import android.os.Bundle;
 import android.provider.Settings;
 import android.text.TextUtils;
+import android.util.EventLog;
 import android.util.Log;

 import com.android.settings.bluetooth.BluetoothSliceBuilder;
@@ -73,6 +74,11 @@ public class SliceDeepLinkSpringBoard extends Activity {

    private static Uri parse(Uri uri) {
        final String sliceParameter = uri.getQueryParameter(EXTRA_SLICE);
-        return TextUtils.isEmpty(sliceParameter) ? null : Uri.parse(sliceParameter);
+        if (TextUtils.isEmpty(sliceParameter)) {
+            EventLog.writeEvent(0x534e4554, "122836081", -1, "");
+            return null;
+        } else {
+            return Uri.parse(sliceParameter);
+        }
    }
 }