Sanitized uri scheme by removing scheme delimiter (737bc87e) · Commits · e / os / android_frameworks_base

core/java/android/net/Uri.java

+5 −1

Original line number	Diff line number	Diff line
		@@ -1387,7 +1387,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
		* @param scheme name or {@code null} if this is a relative Uri
		*/
		public Builder scheme(String scheme) {
		this.scheme = scheme;
		if (scheme != null) {
		this.scheme = scheme.replaceAll("://", "");
		} else {
		this.scheme = null;
		}
		return this;
		}

+11 −0

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ package android.net;

		import android.content.ContentUris;
		import android.os.Parcel;
		import android.platform.test.annotations.AsbSecurityTest;

		import androidx.test.filters.SmallTest;

		@@ -86,6 +87,16 @@ public class UriTest extends TestCase {
		assertNull(u.getHost());
		}

		@AsbSecurityTest(cveBugId = 261721900)
		@SmallTest
		public void testSchemeSanitization() {
		Uri uri = new Uri.Builder()
		.scheme("http://https://evil.com:/te:st/")
		.authority("google.com").path("one/way").build();
		assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
		assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
		}

		@SmallTest
		public void testStringUri() {
		assertEquals("bob lee",