Class SecureUriUtil
java.lang.Object
com.streamwide.smartms.lib.template.security.SecureUriUtil
This class is used to fix the issues related to Uri handling that are
reported by Fortify scans.
The following is an example of an issue reported by the Fortify scan and how to fix it:
- Content Provider URI Injection:
Issue: the Uri received in
Activity.onActivityResult(int, int, Intent) is used without any validation in the query of the ContentResolver
Solution: use Uri.buildUpon() to re-build the passed Uri before use
-
Method Summary
Modifier and Type, Method, Description:
- static android.net.Uri safeUri(android.net.Uri uri): This method tries to fix the issue reported by the Fortify scan, Content Provider URI Injection.
- static android.net.Uri safeUri(android.net.Uri contentUri, android.net.Uri uri): This method tries to fix the issue reported by the Fortify scan, Content Provider URI Injection.
-
Method Details
-
safeUri
@Nullable public static android.net.Uri safeUri(@Nullable android.net.Uri uri)
This method tries to fix the issue reported by the Fortify scan, Content Provider URI Injection. To fix this issue, this method tries to re-build the Uri passed as parameter using the authority extracted from the uri parameter.
- Parameters:
uri - The target Uri to be normalized by this method
- Returns:
A safe Uri in order to fix the Fortify issue Content Provider URI Injection
-
safeUri
@Nullable public static android.net.Uri safeUri(@Nullable android.net.Uri contentUri, @Nullable android.net.Uri uri)
This method tries to fix the issue reported by the Fortify scan, Content Provider URI Injection. To fix this issue, this method tries to re-build the Uri passed as parameter using the contentUri if it is not null, otherwise the authority extracted from the uri parameter.
- Parameters:
contentUri - Uri based on baseUri with the given segment appended to the path, such as ContactsContract.Contacts.CONTENT_URI
uri - The target Uri to be normalized by this method
- Returns:
A safe Uri in order to fix the Fortify issue Content Provider URI Injection
-
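An added example, not SecureUriUtil's own implementation (which this page does not show): one way a caller can rebuild a Uri received in onActivityResult on top of a trusted content Uri before querying the ContentResolver, in the spirit of the two-argument safeUri. The class PickContactActivity, the request code REQ_PICK and the helper rebuildOnTrustedBase are hypothetical names chosen for illustration.

```java
import android.app.Activity;
import android.content.ContentResolver;
import android.content.Intent;
import android.database.Cursor;
import android.net.Uri;
import android.provider.ContactsContract;
import java.util.List;

public class PickContactActivity extends Activity {
    private static final int REQ_PICK = 1; // hypothetical request code

    /** Hypothetical helper: rebuild `untrusted` on top of `trustedBase`, or return null. */
    static Uri rebuildOnTrustedBase(Uri trustedBase, Uri untrusted) {
        if (trustedBase == null || untrusted == null) return null;
        // Only content:// Uris for the expected provider are accepted.
        if (!ContentResolver.SCHEME_CONTENT.equals(untrusted.getScheme())) return null;
        String authority = trustedBase.getAuthority();
        if (authority == null || !authority.equals(untrusted.getAuthority())) return null;
        List<String> base = trustedBase.getPathSegments();
        List<String> given = untrusted.getPathSegments();
        // The received path must extend the trusted base path.
        if (given.size() < base.size() || !given.subList(0, base.size()).equals(base)) {
            return null;
        }
        Uri.Builder builder = trustedBase.buildUpon();
        for (String segment : given.subList(base.size(), given.size())) {
            builder.appendPath(segment); // appendPath encodes the decoded segment
        }
        return builder.build(); // query and fragment of the received Uri are dropped
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_PICK || resultCode != RESULT_OK || data == null) return;
        Uri safe = rebuildOnTrustedBase(ContactsContract.Contacts.CONTENT_URI, data.getData());
        if (safe == null) return; // reject anything outside the expected provider
        String[] projection = {ContactsContract.Contacts.DISPLAY_NAME};
        try (Cursor c = getContentResolver().query(safe, projection, null, null, null)) {
            if (c != null && c.moveToFirst()) {
                setTitle(c.getString(0)); // use only the validated result
            }
        }
    }
}
```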