Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 83a8b98a authored by Kiran Ramachandra's avatar Kiran Ramachandra Committed by Kevin F. Haggerty
Browse files

DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme delimiter 

Initially considered removing unsupported characters as per IANA guidelines, but this could break applications that use custom schemes with asterisks. Instead, opted to remove only the "://" to minimize disruption

Bug: 261721900
Test: atest FrameworksCoreTests:android.net.UriTest

No-Typo-Check: The unit test is specifically written to test few cases, string "http://https://" is not a typo
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1fd0421801c391dd619cafeeea8d379a9029074a)
Merged-In: I88b1550a5d8b3dc0f6286e28899884025d059645
Change-Id: I88b1550a5d8b3dc0f6286e28899884025d059645
parent ef50b9e7

core/java/android/net/Uri.java

+5 −1
Original line number Diff line number Diff line
@@ -1391,7 +1391,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { 
         * @param scheme name or {@code null} if this is a relative Uri

         */

        public Builder scheme(String scheme) {

            this.scheme = scheme;

            if (scheme != null) {

                this.scheme = scheme.replace("://", "");

            } else {

                this.scheme = null;

            }

            return this;

        }

core/tests/coretests/src/android/net/UriTest.java

+11 −0
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ package android.net; 


import android.content.ContentUris;

import android.os.Parcel;

import android.platform.test.annotations.AsbSecurityTest;



import androidx.test.filters.SmallTest;
@@ -88,6 +89,16 @@ public class UriTest extends TestCase { 
        assertNull(u.getHost());

    }



    @AsbSecurityTest(cveBugId = 261721900)

    @SmallTest

    public void testSchemeSanitization() {

        Uri uri = new Uri.Builder()

                .scheme("http://https://evil.com:/te:st/")

                .authority("google.com").path("one/way").build();

        assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());

        assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());

    }



    @SmallTest

    public void testStringUri() {

        assertEquals("bob lee",