Merge pull request #258 from OWASP/prerelease

Merging V3.0 Stable Code into Master

MobileShepherd/CProviderLeakage/app/src/main/res/layout/activity_main.xml

@@ -11,6 +11,7 @@
  android:layout_height="wrap_content"
  android:id="@+id/keyEditText"
  android:textColorHint="#FFFFFF"
+ android:textColor='#FFFFFF'
  android:background="@xml/edittext"
  android:layout_alignParentTop="true"
  android:layout_alignParentLeft="true"

MobileShepherd/CProviderLeakage1/.gitignore

@@ -0,0 +1,7 @@
+.gradle
+/local.properties
+/.idea/workspace.xml
+/.idea/libraries
+.DS_Store
+/build
+/captures

MobileShepherd/CProviderLeakage1/app/.gitignore

@@ -0,0 +1 @@
+/build

MobileShepherd/CProviderLeakage1/app/build.gradle

@@ -0,0 +1,25 @@
+apply plugin: 'com.android.application'
+
+android {
+ compileSdkVersion 22
+ buildToolsVersion "22.0.1"
+
+ defaultConfig {
+ applicationId "com.somewhere.hidden"
+ minSdkVersion 15
+ targetSdkVersion 22
+ versionCode 1
+ versionName "1.0"
+ }
+ buildTypes {
+ release {
+ minifyEnabled false
+ proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
+ }
+ }
+}
+
+dependencies {
+ compile fileTree(dir: 'libs', include: ['*.jar'])
+ compile 'com.android.support:appcompat-v7:22.2.0'
+}

MobileShepherd/CProviderLeakage1/app/proguard-rules.pro

@@ -0,0 +1,17 @@
+# Add project specific ProGuard rules here.
+# By default, the flags in this file are appended to flags specified
+# in C:\Users\sean\AppData\Local\Android\sdk/tools/proguard/proguard-android.txt
+# You can edit the include path and order by changing the proguardFiles
+# directive in build.gradle.
+#
+# For more details, see
+# http://developer.android.com/guide/developing/tools/proguard.html
+
+# Add any project specific keep options here:
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+# public *;
+#}

MobileShepherd/CProviderLeakage1/app/src/main/AndroidManifest.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.app.module" >
+
+ <application
+ android:allowBackup="true"
+ android:icon="@mipmap/ic_launcher"
+ android:label="@string/app_name"
+ android:theme="@style/AppTheme" >
+ <activity
+ android:name="com.app.module.MainActivity"
+ android:label="@string/app_name" >
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+
+
+ <provider
+ android:name=".mProvider"
+ android:authorities="com.app.module.mProvider"
+ android:exported="true"
+ android:multiprocess="true" >
+ </provider>
+ </application>
+
+</manifest>

MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/MainActivity.java

@@ -0,0 +1,38 @@
+package com.app.module;
+
+import android.content.ContentValues;
+import android.net.Uri;
+import android.os.Bundle;
+import android.support.v7.app.AppCompatActivity;
+import android.view.View;
+import android.widget.EditText;
+import android.widget.Toast;
+
+
+public class MainActivity extends AppCompatActivity {
+
+ EditText keyEditText;
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_main);
+
+ keyEditText = (EditText) findViewById(R.id.keyEditText);
+ }
+
+ public void addKey(View view) {
+
+ String key = keyEditText.getText().toString();
+
+ ContentValues values = new ContentValues();
+ values.put(mProvider.key, key);
+
+ // Provides access to other applications Content Providers
+ Uri uri = getContentResolver().insert(mProvider.CONTENT_URL, values);
+
+ Toast.makeText(getBaseContext(), "New Secret Added", Toast.LENGTH_LONG)
+ .show();
+ }
+
+}

MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java

@@ -0,0 +1,191 @@
+package com.app.module;
+
+import android.content.ContentProvider;
+import android.content.ContentUris;
+import android.content.ContentValues;
+import android.content.Context;
+import android.content.UriMatcher;
+import android.database.Cursor;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteOpenHelper;
+import android.database.sqlite.SQLiteQueryBuilder;
+import android.net.Uri;
+import android.widget.Toast;
+
+import java.util.HashMap;
+
+
+public class mProvider extends ContentProvider {
+
+
+ static final String PROVIDER_NAME = "com.app.module.mProvider";
+
+ static final String URL = "content://" + PROVIDER_NAME + "/data";
+ static final Uri CONTENT_URL = Uri.parse(URL);
+
+ static final String id = "id";
+ static final String key = "key";
+ static final int uriCode = 1;
+
+ private static HashMap<String, String> values;
+
+ // Used to match uris with Content Providers
+ static final UriMatcher uriMatcher;
+
+ private SQLiteDatabase sqlDB;
+ static final String DATABASE_NAME = "hiddenData";
+ static final String TABLE_NAME = "keys";
+ static final int DATABASE_VERSION = 1;
+ static final String CREATE_DB_TABLE = " CREATE TABLE " + TABLE_NAME
+ + " (id INTEGER PRIMARY KEY AUTOINCREMENT, "
+ + " key TEXT NOT NULL);";
+
+
+ static {
+ uriMatcher = new UriMatcher(UriMatcher.NO_MATCH);
+ uriMatcher.addURI(PROVIDER_NAME, "data", uriCode);
+ }
+
+ @Override
+ public boolean onCreate() {
+ DatabaseHelper dbHelper = new DatabaseHelper(getContext());
+ sqlDB = dbHelper.getWritableDatabase();
+ if (sqlDB != null) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
+ // Used to create a SQL query
+ SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
+
+ // Set table to query
+ queryBuilder.setTables(TABLE_NAME);
+
+ // Used to match uris with Content Providers
+ switch (uriMatcher.match(uri)) {
+ case uriCode:
+
+ // A projection map maps from passed column names to database column names
+ queryBuilder.setProjectionMap(values);
+ break;
+ default:
+ throw new IllegalArgumentException("Unknown URI " + uri);
+ }
+
+ // Cursor provides read and write access to the database
+ Cursor cursor = queryBuilder.query(sqlDB, projection, selection, selectionArgs, null,
+ null, sortOrder);
+
+ // Register to watch for URI changes
+ cursor.setNotificationUri(getContext().getContentResolver(), uri);
+ return cursor;
+ }
+
+ // Handles requests for the MIME type (Type of Data) of the data at the URI
+ @Override
+ public String getType(Uri uri) {
+
+ // Used to match uris with Content Providers
+ switch (uriMatcher.match(uri)) {
+
+ case uriCode:
+ return "vnd.android.cursor.dir/data";
+
+ default:
+ throw new IllegalArgumentException("Unsupported URI: " + uri);
+ }
+ }
+
+ // Used to insert a new row into the provider
+ // Receives the URI (Uniform Resource Identifier) for the Content Provider and a set of values
+ @Override
+ public Uri insert(Uri uri, ContentValues values) {
+
+ // Gets the row id after inserting a map with the keys representing the the column
+ // names and their values. The second attribute is used when you try to insert
+ // an empty row
+ long rowID = sqlDB.insert(TABLE_NAME, null, values);
+
+ // Verify a row has been added
+ if (rowID > 0) {
+
+ // Append the given id to the path and return a Builder used to manipulate URI
+ // references
+ Uri _uri = ContentUris.withAppendedId(CONTENT_URL, rowID);
+
+ // getContentResolver provides access to the content model
+ // notifyChange notifies all observers that a row was updated
+ getContext().getContentResolver().notifyChange(_uri, null);
+
+ // Return the Builder used to manipulate the URI
+ return _uri;
+ }
+ Toast.makeText(getContext(), "Row Insert Failed", Toast.LENGTH_LONG).show();
+ return null;
+ }
+
+ // Deletes a row or a selection of rows
+ @Override
+ public int delete(Uri uri, String selection, String[] selectionArgs) {
+ int rowsDeleted = 0;
+
+ // Used to match uris with Content Providers
+ switch (uriMatcher.match(uri)) {
+ case uriCode:
+ rowsDeleted = sqlDB.delete(TABLE_NAME, selection, selectionArgs);
+ break;
+ default:
+ throw new IllegalArgumentException("Unknown URI " + uri);
+ }
+
+ // getContentResolver provides access to the content model
+ // notifyChange notifies all observers that a row was updated
+ getContext().getContentResolver().notifyChange(uri, null);
+ return rowsDeleted;
+ }
+
+ // Used to update a row or a selection of rows
+ // Returns to number of rows updated
+ @Override
+ public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+ int rowsUpdated = 0;
+
+ // Used to match uris with Content Providers
+ switch (uriMatcher.match(uri)) {
+ case uriCode:
+
+ // Update the row or rows of data
+ rowsUpdated = sqlDB.update(TABLE_NAME, values, selection, selectionArgs);
+ break;
+ default:
+ throw new IllegalArgumentException("Unknown URI " + uri);
+ }
+
+ // getContentResolver provides access to the content model
+ // notifyChange notifies all observers that a row was updated
+ getContext().getContentResolver().notifyChange(uri, null);
+ return rowsUpdated;
+ }
+
+ private static class DatabaseHelper extends SQLiteOpenHelper {
+ DatabaseHelper(Context context) {
+ super(context, DATABASE_NAME, null, DATABASE_VERSION);
+ }
+
+ @Override
+ public void onCreate(SQLiteDatabase sqlDB) {
+ sqlDB.execSQL(CREATE_DB_TABLE);
+ }
+
+ // Recreates the table when the database needs to be upgraded
+ @Override
+ public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) {
+ sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);
+ onCreate(sqlDB);
+ }
+
+ }
+}

MobileShepherd/CProviderLeakage1/app/src/main/res/layout/activity_main.xml

@@ -0,0 +1,32 @@
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent"
+ android:layout_height="match_parent" android:paddingLeft="@dimen/activity_horizontal_margin"
+ android:paddingRight="@dimen/activity_horizontal_margin"
+ android:background="@mipmap/background"
+ android:paddingTop="180dp"
+ android:paddingBottom="@dimen/activity_vertical_margin" tools:context=".MainActivity">
+
+ <EditText
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:id="@+id/keyEditText"
+ android:textColorHint="#FFFFFF"
+ android:textColor="#FFFFFF"
+ android:background="@xml/edittext"
+ android:layout_alignParentTop="true"
+ android:layout_alignParentLeft="true"
+ android:layout_alignParentStart="true"
+ android:hint="Add Secret" />
+
+ <Button
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:id="@+id/addContactButton"
+ android:text="Submit Secret"
+ android:background="@xml/button"
+ android:onClick="addKey"
+ android:layout_below="@+id/keyEditText"
+ android:layout_alignParentRight="true"
+ android:layout_alignParentEnd="true" />
+
+</RelativeLayout>

MobileShepherd/CProviderLeakage1/app/src/main/res/menu/menu_main.xml

@@ -0,0 +1,6 @@
+<menu xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:app="http://schemas.android.com/apk/res-auto"
+ xmlns:tools="http://schemas.android.com/tools" tools:context=".MainActivity">
+ <item android:id="@+id/action_settings" android:title="@string/action_settings"
+ android:orderInCategory="100" app:showAsAction="never" />
+</menu>

MobileShepherd/CProviderLeakage1/app/src/main/res/values-w820dp/dimens.xml

@@ -0,0 +1,6 @@
+<resources>
+ <!-- Example customization of dimensions originally defined in res/values/dimens.xml
+ (such as screen margins) for screens with more than 820dp of available width. This
+ would include 7" and 10" devices in landscape (~960dp and ~1280dp respectively). -->
+ <dimen name="activity_horizontal_margin">64dp</dimen>
+</resources>

MobileShepherd/CProviderLeakage1/app/src/main/res/values/dimens.xml

@@ -0,0 +1,5 @@
+<resources>
+ <!-- Default screen margins, per the Android Design guidelines. -->
+ <dimen name="activity_horizontal_margin">16dp</dimen>
+ <dimen name="activity_vertical_margin">16dp</dimen>
+</resources>

MobileShepherd/CProviderLeakage1/app/src/main/res/values/strings.xml

@@ -0,0 +1,5 @@
+<resources>
+ <string name="app_name">CProviderLeakage1</string>
+
+ <string name="action_settings">Settings</string>
+</resources>

MobileShepherd/CProviderLeakage1/app/src/main/res/values/styles.xml

@@ -0,0 +1,8 @@
+<resources>
+
+ <!-- Base application theme. -->
+ <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar">
+ <!-- Customize your theme here. -->
+ </style>
+
+</resources>