diff --git a/sdk/src/main/java/ly/count/android/sdk/messaging/CountlyPushActivity.java b/sdk/src/main/java/ly/count/android/sdk/messaging/CountlyPushActivity.java index 2d333c861..479248e8d 100644 --- a/sdk/src/main/java/ly/count/android/sdk/messaging/CountlyPushActivity.java +++ b/sdk/src/main/java/ly/count/android/sdk/messaging/CountlyPushActivity.java @@ -10,11 +10,11 @@ import java.util.ArrayList; import ly.count.android.sdk.Countly; +import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_CLASS_NAMES; +import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_PACKAGE_NAMES; import static ly.count.android.sdk.messaging.CountlyPush.EXTRA_ACTION_INDEX; import static ly.count.android.sdk.messaging.CountlyPush.EXTRA_INTENT; import static ly.count.android.sdk.messaging.CountlyPush.EXTRA_MESSAGE; -import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_CLASS_NAMES; -import static ly.count.android.sdk.messaging.CountlyPush.ALLOWED_PACKAGE_NAMES; import static ly.count.android.sdk.messaging.CountlyPush.useAdditionalIntentRedirectionChecks; public class CountlyPushActivity extends Activity { @@ -46,7 +46,7 @@ private void performPushAction(Intent activityIntent) { } if (useAdditionalIntentRedirectionChecks) { - ComponentName componentName = intent.getComponent(); + ComponentName componentName = getCallingActivity(); String intentPackageName = componentName.getPackageName(); String intentClassName = componentName.getClassName(); String contextPackageName = context.getPackageName(); @@ -95,6 +95,15 @@ private void performPushAction(Intent activityIntent) { return; } } + } else { + ComponentName componentName = getCallingActivity(); + if (componentName != null) { + String callingPackage = componentName.getPackageName(); + if (!getPackageName().equals(callingPackage)) { + Countly.sharedInstance().L.w("[CountlyPush, CountlyPushActivity] Untrusted intent package"); + return; + } + } } Countly.sharedInstance().L.d("[CountlyPush, CountlyPushActivity] Push activity, after filtering");