您的应用容易受到 Intent 重定向（Intent Redirection）的影响：startActivityForResult
Your app(s) are vulnerable to Intent Redirection. startActivityForResult
Google Play 报告我的应用程序存在 Intent 重定向（Intent Redirection）问题。过了一段时间,我找到了问题所在。被标记的调用是
androidx.activity.ComponentActivity->startActivityForResult
它是在我处理 SMS Retriever（短信用户同意,SMS User Consent）广播的 BroadcastReceiver 中调用的:
/**
 * Receiver for the SMS User Consent broadcast. This is the version Google Play
 * flagged for Intent Redirection.
 *
 * The problem is the startActivityForResult() call below: the Intent it starts
 * is read straight out of the incoming broadcast (EXTRA_CONSENT_INTENT) and is
 * never checked. Whoever can deliver this broadcast therefore chooses which
 * component this app starts, and the app starts it with its own identity and
 * permissions (which is what the Play finding means by "redirection").
 * NOTE(review): how this receiver is registered is not shown; Google's sample
 * registers it with SmsRetriever.SEND_PERMISSION so only Play Services can send
 * the action — confirm the registration does that, otherwise any app on the
 * device can send this broadcast. The fixed version further down adds a check
 * on the resolved target before launching.
 */
private final BroadcastReceiver smsVerificationReceiver = new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {
        if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
            // extras and the status are dereferenced without null checks; a
            // malformed broadcast crashes the receiver here.
            Bundle extras = intent.getExtras();
            Status smsRetrieverStatus = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
            switch (smsRetrieverStatus.getStatusCode()) {
                case CommonStatusCodes.SUCCESS:
                    // Get consent intent — untrusted: it came from the broadcast sender.
                    Intent consentIntent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
                    try {
                        // SINK: launches the unvalidated Intent (Intent Redirection).
                        startActivityForResult(consentIntent, SMS_CONSENT_REQUEST);
                    } catch (ActivityNotFoundException e) {
                        // Handle the exception ...
                    }
                    break;
                case CommonStatusCodes.TIMEOUT:
                    // Time out occurred, handle the error.
                    break;
            }
        }
    }
};
对应的 onActivityResult 回调:
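/**
 * Handles the result of the SMS User Consent prompt started with
 * {@code SMS_CONSENT_REQUEST} and copies the extracted one-time code into
 * {@code mEtCode}.
 *
 * @param requestCode code passed to startActivityForResult; only
 *                    SMS_CONSENT_REQUEST is handled here
 * @param resultCode  RESULT_OK when the user granted consent
 * @param data        result Intent carrying SmsRetriever.EXTRA_SMS_MESSAGE;
 *                    may be null, so it is never dereferenced blindly
 */
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode != SMS_CONSENT_REQUEST) {
        return;
    }
    if (resultCode != RESULT_OK) {
        // Consent canceled, handle the error ...
        return;
    }
    // Get SMS message content. The original called data.getStringExtra()
    // without a null check; a null result Intent crashed here.
    String message = data == null ? null : data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
    // Extract the one-time code: everything after the first "is" in the
    // message, trimmed. NOTE(review): this anchor is fragile — any earlier
    // word containing "is" (e.g. "This") shifts the cut point, and anything
    // after the code is kept too. Matching the exact SMS template the backend
    // sends (e.g. a fixed-length digit group) would be more robust.
    if (message != null && message.contains("is")) {
        String pass = message.substring(message.indexOf("is") + 2).trim();
        mEtCode.setText(pass);
    }
}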
我做了如下更改来解决这个问题:在启动之前,先检查同意 Intent 实际解析到的组件是否是 Google Play 服务（com.google.android.gms）自己的同意提示 Activity,去掉 URI 授权标志,并改用 ActivityResultLauncher 启动。现在上传到 Google Play 后不再报告该漏洞。如需更多信息,请参阅 Google 关于修复 Intent Redirection 的指南（原文中的链接未保留）。
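/**
 * Receives the SMS User Consent broadcast and launches Play Services' consent
 * prompt — but only after checking that the Intent carried in
 * EXTRA_CONSENT_INTENT really resolves to that prompt.
 *
 * Why the check exists: the Intent arrives in a broadcast from outside this
 * app. Launching it blindly lets whoever sent the broadcast pick the target
 * component, which this app would then start with its own identity (Intent
 * Redirection — the Google Play finding). NOTE(review): the registration of
 * this receiver is not shown; Google's sample registers it with
 * SmsRetriever.SEND_PERMISSION so that only Play Services can send the action.
 * Keep that as the first line of defence — the check below is defence in depth.
 */
private final BroadcastReceiver smsVerificationReceiver = new BroadcastReceiver() {

    /** Only this component may be started from here. */
    private final String gmsPackage = "com.google.android.gms";
    private final String consentPromptClass =
            "com.google.android.gms.auth.api.phone.ui.UserConsentPromptActivity";

    @Override
    public void onReceive(Context context, Intent intent) {
        if (!SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
            return;
        }
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        // The original cast unconditionally; a crafted or malformed broadcast
        // with a missing or differently-typed status would have thrown.
        Object rawStatus = extras.get(SmsRetriever.EXTRA_STATUS);
        if (!(rawStatus instanceof Status)) {
            return;
        }
        Status smsRetrieverStatus = (Status) rawStatus;
        switch (smsRetrieverStatus.getStatusCode()) {
            case CommonStatusCodes.SUCCESS:
                // Get consent intent — untrusted until validated below.
                Object rawConsent = extras.get(SmsRetriever.EXTRA_CONSENT_INTENT);
                if (!(rawConsent instanceof Intent)) {
                    Log.w(TAG, "onReceive: consent extra missing or not an Intent");
                    break;
                }
                Intent consentIntent = (Intent) rawConsent;
                if (!resolvesToConsentPrompt(consentIntent)) {
                    // Not Play Services' prompt: refuse to launch it with our identity.
                    Log.w(TAG, "onReceive: ignoring consent intent that does not resolve to Play Services");
                    break;
                }
                launchConsentPrompt(consentIntent);
                break;
            case CommonStatusCodes.TIMEOUT:
                // Time out occurred, handle the error.
                break;
            default:
                break;
        }
    }

    /**
     * Resolves {@code consentIntent} through the PackageManager and accepts it
     * only when the activity that would actually be started is Play Services'
     * UserConsentPromptActivity.
     */
    private boolean resolvesToConsentPrompt(Intent consentIntent) {
        ComponentName name = consentIntent.resolveActivity(getPackageManager());
        if (name == null) {
            // Nothing handles the Intent. The original dereferenced name here
            // (NPE), which its ActivityNotFoundException catch did not cover.
            return false;
        }
        // Package and class names are case-sensitive on Android, so compare
        // exactly: equalsIgnoreCase would also accept a differently-cased
        // look-alike package installed by someone else.
        return gmsPackage.equals(name.getPackageName())
                && consentPromptClass.equals(name.getClassName());
    }

    /**
     * Strips the URI-grant flags from the already-validated Intent and launches
     * it. setFlags() is used instead of the API 26+ removeFlags() so the flags
     * are cleared on every API level, not only on O and later as before; the
     * launched component thus never inherits a URI permission grant the
     * broadcast sender may have attached.
     */
    private void launchConsentPrompt(Intent consentIntent) {
        int uriGrantFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
        consentIntent.setFlags(consentIntent.getFlags() & ~uriGrantFlags);
        try {
            someActivityResultLauncher.launch(consentIntent);
        } catch (ActivityNotFoundException e) {
            // Handle the exception ...
        }
    }
};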
结果回调（改用 ActivityResultLauncher,因此不再需要 request code）:
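/**
 * Result callback for the Play Services consent prompt launched from
 * smsVerificationReceiver. With the Activity Result API there is no request
 * code to dispatch on, so the callback goes straight to the result.
 * Copies the extracted one-time code into {@code mEtCode}.
 */
ActivityResultLauncher<Intent> someActivityResultLauncher = registerForActivityResult(
        new ActivityResultContracts.StartActivityForResult(),
        result -> {
            if (result.getResultCode() != Activity.RESULT_OK) {
                return; // consent denied or cancelled; nothing to extract
            }
            // getData() may be null even on RESULT_OK; the original
            // dereferenced it unconditionally.
            Intent data = result.getData();
            String message = data == null ? null : data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
            // Extract the one-time code: everything after the first "is",
            // trimmed. NOTE(review): fragile anchor — any earlier word
            // containing "is" (e.g. "This") shifts the cut point; matching the
            // exact SMS template would be more robust.
            if (message != null && message.contains("is")) {
                String pass = message.substring(message.indexOf("is") + 2).trim();
                mEtCode.setText(pass);
            }
        });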
Google Play 报告我的应用程序存在 Intent 重定向（Intent Redirection）问题。过了一段时间,我找到了问题所在。被标记的调用是
androidx.activity.ComponentActivity->startActivityForResult
它是在我处理 SMS Retriever（短信用户同意,SMS User Consent）广播的 BroadcastReceiver 中调用的:
/**
 * Receiver for the SMS User Consent broadcast. This is the version Google Play
 * flagged for Intent Redirection.
 *
 * The problem is the startActivityForResult() call below: the Intent it starts
 * is read straight out of the incoming broadcast (EXTRA_CONSENT_INTENT) and is
 * never checked. Whoever can deliver this broadcast therefore chooses which
 * component this app starts, and the app starts it with its own identity and
 * permissions (which is what the Play finding means by "redirection").
 * NOTE(review): how this receiver is registered is not shown; Google's sample
 * registers it with SmsRetriever.SEND_PERMISSION so only Play Services can send
 * the action — confirm the registration does that, otherwise any app on the
 * device can send this broadcast. The fixed version further down adds a check
 * on the resolved target before launching.
 */
private final BroadcastReceiver smsVerificationReceiver = new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {
        if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
            // extras and the status are dereferenced without null checks; a
            // malformed broadcast crashes the receiver here.
            Bundle extras = intent.getExtras();
            Status smsRetrieverStatus = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
            switch (smsRetrieverStatus.getStatusCode()) {
                case CommonStatusCodes.SUCCESS:
                    // Get consent intent — untrusted: it came from the broadcast sender.
                    Intent consentIntent = extras.getParcelable(SmsRetriever.EXTRA_CONSENT_INTENT);
                    try {
                        // SINK: launches the unvalidated Intent (Intent Redirection).
                        startActivityForResult(consentIntent, SMS_CONSENT_REQUEST);
                    } catch (ActivityNotFoundException e) {
                        // Handle the exception ...
                    }
                    break;
                case CommonStatusCodes.TIMEOUT:
                    // Time out occurred, handle the error.
                    break;
            }
        }
    }
};
对应的 onActivityResult 回调:
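/**
 * Handles the result of the SMS User Consent prompt started with
 * {@code SMS_CONSENT_REQUEST} and copies the extracted one-time code into
 * {@code mEtCode}.
 *
 * @param requestCode code passed to startActivityForResult; only
 *                    SMS_CONSENT_REQUEST is handled here
 * @param resultCode  RESULT_OK when the user granted consent
 * @param data        result Intent carrying SmsRetriever.EXTRA_SMS_MESSAGE;
 *                    may be null, so it is never dereferenced blindly
 */
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode != SMS_CONSENT_REQUEST) {
        return;
    }
    if (resultCode != RESULT_OK) {
        // Consent canceled, handle the error ...
        return;
    }
    // Get SMS message content. The original called data.getStringExtra()
    // without a null check; a null result Intent crashed here.
    String message = data == null ? null : data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
    // Extract the one-time code: everything after the first "is" in the
    // message, trimmed. NOTE(review): this anchor is fragile — any earlier
    // word containing "is" (e.g. "This") shifts the cut point, and anything
    // after the code is kept too. Matching the exact SMS template the backend
    // sends (e.g. a fixed-length digit group) would be more robust.
    if (message != null && message.contains("is")) {
        String pass = message.substring(message.indexOf("is") + 2).trim();
        mEtCode.setText(pass);
    }
}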
我做了如下更改来解决这个问题:在启动之前,先检查同意 Intent 实际解析到的组件是否是 Google Play 服务（com.google.android.gms）自己的同意提示 Activity,去掉 URI 授权标志,并改用 ActivityResultLauncher 启动。现在上传到 Google Play 后不再报告该漏洞。如需更多信息,请参阅 Google 关于修复 Intent Redirection 的指南（原文中的链接未保留）。
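/**
 * Receives the SMS User Consent broadcast and launches Play Services' consent
 * prompt — but only after checking that the Intent carried in
 * EXTRA_CONSENT_INTENT really resolves to that prompt.
 *
 * Why the check exists: the Intent arrives in a broadcast from outside this
 * app. Launching it blindly lets whoever sent the broadcast pick the target
 * component, which this app would then start with its own identity (Intent
 * Redirection — the Google Play finding). NOTE(review): the registration of
 * this receiver is not shown; Google's sample registers it with
 * SmsRetriever.SEND_PERMISSION so that only Play Services can send the action.
 * Keep that as the first line of defence — the check below is defence in depth.
 */
private final BroadcastReceiver smsVerificationReceiver = new BroadcastReceiver() {

    /** Only this component may be started from here. */
    private final String gmsPackage = "com.google.android.gms";
    private final String consentPromptClass =
            "com.google.android.gms.auth.api.phone.ui.UserConsentPromptActivity";

    @Override
    public void onReceive(Context context, Intent intent) {
        if (!SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
            return;
        }
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        // The original cast unconditionally; a crafted or malformed broadcast
        // with a missing or differently-typed status would have thrown.
        Object rawStatus = extras.get(SmsRetriever.EXTRA_STATUS);
        if (!(rawStatus instanceof Status)) {
            return;
        }
        Status smsRetrieverStatus = (Status) rawStatus;
        switch (smsRetrieverStatus.getStatusCode()) {
            case CommonStatusCodes.SUCCESS:
                // Get consent intent — untrusted until validated below.
                Object rawConsent = extras.get(SmsRetriever.EXTRA_CONSENT_INTENT);
                if (!(rawConsent instanceof Intent)) {
                    Log.w(TAG, "onReceive: consent extra missing or not an Intent");
                    break;
                }
                Intent consentIntent = (Intent) rawConsent;
                if (!resolvesToConsentPrompt(consentIntent)) {
                    // Not Play Services' prompt: refuse to launch it with our identity.
                    Log.w(TAG, "onReceive: ignoring consent intent that does not resolve to Play Services");
                    break;
                }
                launchConsentPrompt(consentIntent);
                break;
            case CommonStatusCodes.TIMEOUT:
                // Time out occurred, handle the error.
                break;
            default:
                break;
        }
    }

    /**
     * Resolves {@code consentIntent} through the PackageManager and accepts it
     * only when the activity that would actually be started is Play Services'
     * UserConsentPromptActivity.
     */
    private boolean resolvesToConsentPrompt(Intent consentIntent) {
        ComponentName name = consentIntent.resolveActivity(getPackageManager());
        if (name == null) {
            // Nothing handles the Intent. The original dereferenced name here
            // (NPE), which its ActivityNotFoundException catch did not cover.
            return false;
        }
        // Package and class names are case-sensitive on Android, so compare
        // exactly: equalsIgnoreCase would also accept a differently-cased
        // look-alike package installed by someone else.
        return gmsPackage.equals(name.getPackageName())
                && consentPromptClass.equals(name.getClassName());
    }

    /**
     * Strips the URI-grant flags from the already-validated Intent and launches
     * it. setFlags() is used instead of the API 26+ removeFlags() so the flags
     * are cleared on every API level, not only on O and later as before; the
     * launched component thus never inherits a URI permission grant the
     * broadcast sender may have attached.
     */
    private void launchConsentPrompt(Intent consentIntent) {
        int uriGrantFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
        consentIntent.setFlags(consentIntent.getFlags() & ~uriGrantFlags);
        try {
            someActivityResultLauncher.launch(consentIntent);
        } catch (ActivityNotFoundException e) {
            // Handle the exception ...
        }
    }
};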
结果回调（改用 ActivityResultLauncher,因此不再需要 request code）:
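/**
 * Result callback for the Play Services consent prompt launched from
 * smsVerificationReceiver. With the Activity Result API there is no request
 * code to dispatch on, so the callback goes straight to the result.
 * Copies the extracted one-time code into {@code mEtCode}.
 */
ActivityResultLauncher<Intent> someActivityResultLauncher = registerForActivityResult(
        new ActivityResultContracts.StartActivityForResult(),
        result -> {
            if (result.getResultCode() != Activity.RESULT_OK) {
                return; // consent denied or cancelled; nothing to extract
            }
            // getData() may be null even on RESULT_OK; the original
            // dereferenced it unconditionally.
            Intent data = result.getData();
            String message = data == null ? null : data.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE);
            // Extract the one-time code: everything after the first "is",
            // trimmed. NOTE(review): fragile anchor — any earlier word
            // containing "is" (e.g. "This") shifts the cut point; matching the
            // exact SMS template would be more robust.
            if (message != null && message.contains("is")) {
                String pass = message.substring(message.indexOf("is") + 2).trim();
                mEtCode.setText(pass);
            }
        });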