summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Kiran Ramachandra <kiranmr@google.com> 2024-06-21 16:42:18 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2024-06-21 16:42:18 +0000
commit91fd430a8d83e37f1bf1840d127a6513973a5372 (patch)
tree8d196a4bdb81e874ad1b4d8fc5c8069c5297c0b0
parent11a6a7b9b1783f73b8e8476c7bbc34ad07b0cd76 (diff)
parent841ce92aa1b350c83148ef6fb57bfff617364e1a (diff)
DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme delimiter am: 841ce92aa1
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/27632412 Change-Id: Ia345cad4d6ecc09e9015df420018aa019c10a19b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--core/java/android/net/Uri.java6
-rw-r--r--core/tests/coretests/src/android/net/UriTest.java11
2 files changed, 16 insertions, 1 deletions
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
index 3da696ad0bc7..f0262e9f7566 100644
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -1388,7 +1388,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
* @param scheme name or {@code null} if this is a relative Uri
*/
public Builder scheme(String scheme) {
- this.scheme = scheme;
+ if (scheme != null) {
+ this.scheme = scheme.replace("://", "");
+ } else {
+ this.scheme = null;
+ }
return this;
}
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
index 89632a46267e..fd12e519e8f8 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -18,6 +18,7 @@ package android.net;
import android.content.ContentUris;
import android.os.Parcel;
+import android.platform.test.annotations.AsbSecurityTest;
import androidx.test.filters.SmallTest;
@@ -88,6 +89,16 @@ public class UriTest extends TestCase {
assertNull(u.getHost());
}
+ @AsbSecurityTest(cveBugId = 261721900)
+ @SmallTest
+ public void testSchemeSanitization() {
+ Uri uri = new Uri.Builder()
+ .scheme("http://https://evil.com:/te:st/")
+ .authority("google.com").path("one/way").build();
+ assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
+ assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
+ }
+
@SmallTest
public void testStringUri() {
assertEquals("bob lee",
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-02 12:59:29 +0000