Skip to content

Commit

Permalink
feat: add intent package check
Browse files Browse the repository at this point in the history
  • Loading branch information
@arifBurakDemiray
arifBurakDemiray committed Oct 14, 2024
1 parent 9c2f184 commit 4d72da0
Showing 1 changed file with 12 additions and 3 deletions.
15 changes: 12 additions & 3 deletions sdk/src/main/java/ly/count/android/sdk/messaging/CountlyPushActivity.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@
import java.util.ArrayList;
import ly.count.android.sdk.Countly;

import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_CLASS_NAMES;
import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_PACKAGE_NAMES;
import static ly.count.android.sdk.messaging.CountlyPush.EXTRA_ACTION_INDEX;
import static ly.count.android.sdk.messaging.CountlyPush.EXTRA_INTENT;
import static ly.count.android.sdk.messaging.CountlyPush.EXTRA_MESSAGE;
import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_CLASS_NAMES;
import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_PACKAGE_NAMES;
import static ly.count.android.sdk.messaging.CountlyPush.useAdditionalIntentRedirectionChecks;

public class CountlyPushActivity extends Activity {
Expand Down Expand Up @@ -46,7 +46,7 @@ private void performPushAction(Intent activityIntent) {
}

if (useAdditionalIntentRedirectionChecks) {
ComponentName componentName = intent.getComponent();
ComponentName componentName = getCallingActivity();
String intentPackageName = componentName.getPackageName();
String intentClassName = componentName.getClassName();
String contextPackageName = context.getPackageName();
Expand Down Expand Up @@ -95,6 +95,15 @@ private void performPushAction(Intent activityIntent) {
return;
}
}
} else {
ComponentName componentName = getCallingActivity();
if (componentName != null) {
String callingPackage = componentName.getPackageName();
if (!getPackageName().equals(callingPackage)) {
Countly.sharedInstance().L.w("[CountlyPush, CountlyPushActivity] Untrusted intent package");
return;
}
}
}

Countly.sharedInstance().L.d("[CountlyPush, CountlyPushActivity] Push activity, after filtering");
Expand Down

0 comments on commit 4d72da0

Please sign in to comment.