
Commit aa8e327f authored by Amith Yamasani's avatar Amith Yamasani Committed by Automerger Merge Worker

Merge "Sanitize Uri.toSafeString() some more." into tm-dev am: b6da699d am:...

Merge "Sanitize Uri.toSafeString() some more." into tm-dev am: b6da699d am: 5e40d2ef am: e173a61e

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18282431



Change-Id: If72fbfd89194f09c0722b413f0458e585cea561b
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 0492fc4d e173a61e
+18 −21
@@ -390,7 +390,8 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
     * Return a string representation of this URI that has common forms of PII redacted,
     * Return a string representation of this URI that has common forms of PII redacted,
     * making it safer to use for logging purposes.  For example, {@code tel:800-466-4411} is
     * making it safer to use for logging purposes.  For example, {@code tel:800-466-4411} is
     * returned as {@code tel:xxx-xxx-xxxx} and {@code http://example.com/path/to/item/} is
     * returned as {@code tel:xxx-xxx-xxxx} and {@code http://example.com/path/to/item/} is
     * returned as {@code http://example.com/...}.
     * returned as {@code http://example.com/...}. For all other uri schemes, only the scheme,
     * host and port are returned.
     * @return the common forms PII redacted string of this URI
     * @return the common forms PII redacted string of this URI
     * @hide
     * @hide
     */
     */
@@ -398,13 +399,14 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
    public @NonNull String toSafeString() {
    public @NonNull String toSafeString() {
        String scheme = getScheme();
        String scheme = getScheme();
        String ssp = getSchemeSpecificPart();
        String ssp = getSchemeSpecificPart();
        StringBuilder builder = new StringBuilder(64);

        if (scheme != null) {
        if (scheme != null) {
            builder.append(scheme);
            builder.append(":");
            if (scheme.equalsIgnoreCase("tel") || scheme.equalsIgnoreCase("sip")
            if (scheme.equalsIgnoreCase("tel") || scheme.equalsIgnoreCase("sip")
                    || scheme.equalsIgnoreCase("sms") || scheme.equalsIgnoreCase("smsto")
                    || scheme.equalsIgnoreCase("sms") || scheme.equalsIgnoreCase("smsto")
                    || scheme.equalsIgnoreCase("mailto") || scheme.equalsIgnoreCase("nfc")) {
                    || scheme.equalsIgnoreCase("mailto") || scheme.equalsIgnoreCase("nfc")) {
                StringBuilder builder = new StringBuilder(64);
                builder.append(scheme);
                builder.append(':');
                if (ssp != null) {
                if (ssp != null) {
                    for (int i=0; i<ssp.length(); i++) {
                    for (int i=0; i<ssp.length(); i++) {
                        char c = ssp.charAt(i);
                        char c = ssp.charAt(i);
@@ -415,24 +417,19 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
                        }
                        }
                    }
                    }
                }
                }
                return builder.toString();
            } else {
            } else if (scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https")
                // For other schemes, let's be conservative about
                    || scheme.equalsIgnoreCase("ftp") || scheme.equalsIgnoreCase("rtsp")) {
                // the data we include -- only the host and port, not the query params, path or
                ssp = "//" + ((getHost() != null) ? getHost() : "")
                        + ((getPort() != -1) ? (":" + getPort()) : "")
                        + "/...";
            }
        }
        // Not a sensitive scheme, but let's still be conservative about
        // the data we include -- only the ssp, not the query params or
                // fragment, because those can often have sensitive info.
                // fragment, because those can often have sensitive info.
        StringBuilder builder = new StringBuilder(64);
                final String host = getHost();
        if (scheme != null) {
                final int port = getPort();
            builder.append(scheme);
                final String path = getPath();
            builder.append(':');
                final String authority = getAuthority();
                if (authority != null) builder.append("//");
                if (host != null) builder.append(host);
                if (port != -1) builder.append(":").append(port);
                if (authority != null || path != null) builder.append("/...");
            }
            }
        if (ssp != null) {
            builder.append(ssp);
        }
        }
        return builder.toString();
        return builder.toString();
    }
    }
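Review bot: A URI with no scheme now comes back as an empty string, and the updated Javadoc does not say so. As far as the new side can be read from this rendering, every `builder.append` sits inside `if (scheme != null)`, whereas the previous version still appended the scheme-specific part in that case. That is the safer direction for logs, but a caller logging a relative URI gets nothing and cannot tell it apart from a missing value. I would add to the Javadoc `A URI without a scheme is returned as an empty string.`, or return a fixed marker such as `"..."` if an empty log field is not wanted.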
+6 −2
@@ -989,10 +989,14 @@ public class UriTest extends TestCase {
        checkToSafeString("ftp://ftp.android.com:2121/...",
        checkToSafeString("ftp://ftp.android.com:2121/...",
                "ftp://root:love@ftp.android.com:2121/");
                "ftp://root:love@ftp.android.com:2121/");


        checkToSafeString("unsupported://ajkakjah/askdha/secret?secret",
        checkToSafeString("unsupported://ajkakjah/...",
                "unsupported://ajkakjah/askdha/secret?secret");
                "unsupported://ajkakjah/askdha/secret?secret");
        checkToSafeString("unsupported:ajkakjah/askdha/secret?secret",
        checkToSafeString("unsupported:",
                "unsupported:ajkakjah/askdha/secret?secret");
                "unsupported:ajkakjah/askdha/secret?secret");
        checkToSafeString("unsupported:/...",
                "unsupported:/ajkakjah/askdha/secret?secret");
        checkToSafeString("file:///...",
                "file:///path/to/secret.doc");
    }
    }


    private void checkToSafeString(String expectedSafeString, String original) {
    private void checkToSafeString(String expectedSafeString, String original) {
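Review bot: None of the added cases puts user info or a port in the authority of an unknown scheme, which is the input where the new branch has to drop credentials while keeping host and port. The existing `ftp://root:love@ftp.android.com:2121/` case only shows that for a scheme that was already handled before this change. I would add `checkToSafeString("unsupported://host:8080/...", "unsupported://user:secret@host:8080/path?q=secret");`, and a scheme-less input such as `checkToSafeString("", "relative/path?secret");` if the empty result is intended. Both expected strings are constructed from my reading of the new toSafeString() and should be confirmed by running the test.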