From 894736ef18780fca9e651eb6542555e6fba62ea8 Mon Sep 17 00:00:00 2001
From: M66B
Date: Mon, 11 Dec 2023 22:04:44 +0100
Subject: [PATCH] Uri to safe string
---
 .../main/java/eu/faircode/email/Helper.java | 2 +-
 .../eu/faircode/email/NoStreamException.java | 2 +-
 .../java/eu/faircode/email/UriHelper.java | 40 +++++++++++++++++++
 3 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/Helper.java b/app/src/main/java/eu/faircode/email/Helper.java
index d5d75664d6..ba204045bd 100644
--- a/app/src/main/java/eu/faircode/email/Helper.java
+++ b/app/src/main/java/eu/faircode/email/Helper.java
@@ -1751,7 +1751,7 @@ public class Helper {
 String title = intent.getStringExtra(Intent.EXTRA_TITLE);
 Uri data = intent.getData();
 String type = intent.getType();
- String fullName = (data == null ? intent.toString() : data.toString());
+ String fullName = (data == null ? intent.toString() : UriHelper.toSafeString(data));
 String extension = (data == null ? null : getExtension(data.getLastPathSegment()));
 tvName.setText(title == null ? fullName : title);
diff --git a/app/src/main/java/eu/faircode/email/NoStreamException.java b/app/src/main/java/eu/faircode/email/NoStreamException.java
index 8fb4032368..4ac0a0ccc3 100644
--- a/app/src/main/java/eu/faircode/email/NoStreamException.java
+++ b/app/src/main/java/eu/faircode/email/NoStreamException.java
@@ -64,7 +64,7 @@ public class NoStreamException extends SecurityException {
 TextView tvUri = dview.findViewById(R.id.tvUri);
 ImageButton ibInfo = dview.findViewById(R.id.ibInfo);
- tvUri.setText(uri == null ? null : uri.toString());
+ tvUri.setText(uri == null ? null : UriHelper.toSafeString(uri));
 ibInfo.setOnClickListener(new View.OnClickListener() {
 @Override
diff --git a/app/src/main/java/eu/faircode/email/UriHelper.java b/app/src/main/java/eu/faircode/email/UriHelper.java
index 72788e1db0..f621fe401b 100644
--- a/app/src/main/java/eu/faircode/email/UriHelper.java
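Review bot: `fullName` in the Helper.java hunk no longer holds a full name, since it is now the redacted string from `UriHelper.toSafeString`, which for most schemes keeps only scheme, host and port and ends in `/...`. When `EXTRA_TITLE` is absent that redacted string is what `tvName` displays, so a rename to something like `displayName` plus a comment such as `// Redacted for display: path, query and fragment may carry sensitive data` would stop the next reader from assuming the path is still present. The same comment would help on the `tvUri.setText(...)` line in the NoStreamException.java hunk. Both enclosing methods start and end outside their hunks.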
+++ b/app/src/main/java/eu/faircode/email/UriHelper.java
@@ -479,6 +479,46 @@ public class UriHelper {
 return uri.getHost();
 }
+ // Copied from android.net.Uri.toSafeString
+ public static String toSafeString(Uri uri) {
+ String scheme = uri.getScheme();
+ String ssp = uri.getSchemeSpecificPart();
+ StringBuilder builder = new StringBuilder(64);
+
+ if (scheme != null) {
+ builder.append(scheme);
+ builder.append(":");
+ if (scheme.equalsIgnoreCase("tel") || scheme.equalsIgnoreCase("sip")
+ || scheme.equalsIgnoreCase("sms") || scheme.equalsIgnoreCase("smsto")
+ || scheme.equalsIgnoreCase("mailto") || scheme.equalsIgnoreCase("nfc")) {
+ if (ssp != null) {
+ for (int i = 0; i < ssp.length(); i++) {
+ char c = ssp.charAt(i);
+ if (c == '-' || c == '@' || c == '.') {
+ builder.append(c);
+ } else {
+ builder.append('x');
+ }
+ }
+ }
+ } else {
+ // For other schemes, let's be conservative about
+ // the data we include -- only the host and port, not the query params, path or
+ // fragment, because those can often have sensitive info.
+ final String host = uri.getHost();
+ final int port = uri.getPort();
+ final String path = uri.getPath();
+ final String authority = uri.getAuthority();
+ if (authority != null) builder.append("//");
+ if (host != null) builder.append(host);
+ if (port != -1) builder.append(":").append(port);
+ if (authority != null || path != null) builder.append("/...");
+ }
+ }
+
+ return builder.toString();
+ }
+
 static void test(Context context) {
 String[] hosts = new String[]{
 "child.parent.example.com", "parent.example.com", "example.com", "com",
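Review bot: `toSafeString` returns an empty string for a Uri that has no scheme, because every append sits inside `if (scheme != null)`, and it dereferences `uri` on its first line with no null check although it is `public static`. Both callers in this patch guard against null, but a scheme-less Uri would leave their text views blank; an `if (uri == null) return null;` guard at the top and an explicit fallback for the no-scheme case would make the helper safe to reuse elsewhere. The one-line `// Copied from android.net.Uri.toSafeString` comment would also read better as a Javadoc. It should state that the result is lossy and meant only for display or logging, and that for tel/sip/sms/smsto/mailto/nfc every character except `-`, `@` and `.` becomes `x`, so the length and shape of the value remain visible. It should add that all other schemes keep only scheme, host and port.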