Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1fd04218 authored by Kiran Ramachandra's avatar Kiran Ramachandra
Browse files

DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme delimiter 

Initially considered removing unsupported characters as per IANA guidelines, but this could break applications that use custom schemes with asterisks. Instead, opted to remove only the "://" to minimize disruption

Bug: 261721900
Test: atest FrameworksCoreTests:android.net.UriTest

Change-Id: I88b1550a5d8b3dc0f6286e28899884025d059645
No-Typo-Check: The unit test is specifically written to test few cases, string "http://https://" is not a typo
parent 89bc634c

core/java/android/net/Uri.java

+5 −1
Original line number Diff line number Diff line
@@ -1391,7 +1391,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { 
         * @param scheme name or {@code null} if this is a relative Uri

         */

        public Builder scheme(String scheme) {

            this.scheme = scheme;

            if (scheme != null) {

                this.scheme = scheme.replace("://", "");

            } else {

                this.scheme = null;

            }

            return this;

        }

core/tests/coretests/src/android/net/UriTest.java

+11 −0
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ package android.net; 


import android.content.ContentUris;

import android.os.Parcel;

import android.platform.test.annotations.AsbSecurityTest;



import androidx.test.filters.SmallTest;
@@ -88,6 +89,16 @@ public class UriTest extends TestCase { 
        assertNull(u.getHost());

    }



    @AsbSecurityTest(cveBugId = 261721900)

    @SmallTest

    public void testSchemeSanitization() {

        Uri uri = new Uri.Builder()

                .scheme("http://https://evil.com:/te:st/")

                .authority("google.com").path("one/way").build();

        assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());

        assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());

    }



    @SmallTest

    public void testStringUri() {

        assertEquals("bob lee",