StrandHogg detection

[yostyle]

No description provided.

[github-actions]

Unit Test Results

  92 files  ±0    92 suites  ±0   1m 13s ⏱️ +7s
162 tests ±0  162 ✔️ ±0  0 💤 ±0  0 ❌ ±0 
524 runs  ±0  524 ✔️ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit e9814ee. ± Comparison against base commit dd0d2e8.

♻️ This comment has been updated with latest results.

[ouchadam]

I tried adding singleTask to this activity for a deeplink issue and it caused a bunch of odd behaviours (skipping deeplinks, activity not fully loading), have you noticed anything strange after the change?

[yostyle]

I didn't see any problem on HomeActivity after this change but I didn't stress it. I would prefer to make more tests.

[bmarty]

Indeed, clicking on a link like https://app.element.io/#/room/%23element-web-announcements:matrix.org

creates 2 tasks if Element was already running, so we can see in the task switcher:

See #2299 and the fix #2341 :)

[ouchadam]

is this a blocker for the fix? maybe singleTop could provide similar protection without allowing multiple instances

[yostyle]

No more needed to change launchMode since we generate a random task affinity on each build.

[ouchadam]

would be interesting to know if there's a performance impact for this, might be worth making the check async to avoid slowing down the activity start flow

[yostyle]

Done

[ouchadam]

looks like we could extract this logic to reduce the duplication, either extension or base class function

something like

if (views.drawerLayout.isDrawerOpen(GravityCompat.START)) { 
  views.drawerLayout.closeDrawer(GravityCompat.START)
} else {
  validateBackPressed { super.onBackPressed() }
}

...

fun Activity.validateBackPressed(onBackPressed: () -> Unit) {
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.R && supportFragmentManager.backStackEntryCount == 0) {
        if (isTaskRoot) {
            onBackPressed()
        } else {
            Timber.e("Application is potentially corrupted by an unknown activity")
            finishAffinity()
        }
    } else {
        onBackPressed()
    }
}

[yostyle]

Done

[bmarty]

See https://github.com/vector-im/element-android/pull/4498/files#r754454956

It's worth noting that the app seems robust to the StrandHogg vulnerability with the fix. I have the error log when I try the attack.

[github-actions]

Matrix SDK

Integration Tests Results:

• [org.matrix.android.sdk.session]
  passed="25" failures="17" errors="0" skipped="2"
• [org.matrix.android.sdk.account]
  passed="5" failures="0" errors="0" skipped="2"
• [org.matrix.android.sdk.internal]
  passed="62" failures="1" errors="0" skipped="28"
• [org.matrix.android.sdk.ordering]
  passed="16" failures="0" errors="0" skipped="0"
• [org.matrix.android.sdk.PermalinkParserTest]
  passed="2" failures="0" errors="0" skipped="0"

[Florian14]

Please add documentation to explain that this should be only used for top-level activities. A developer which is not aware of this could think that it's a good practice to use it for all activities.

[yostyle]

Done

[bmarty]

Funny: I had the same mental path "A developer which is not aware of this could think that it's a good practice to use it for all activities". And now I see this comment in GitHub, and the comment in the code :)

[bmarty]

Maybe add the suffix to the taskAffinity of VectorCallActivity?

[bmarty]

Maybe using 8 chars in [a-z] is enough :)

[yostyle]

done

[bmarty]

Maybe rename to generateTaskAffinitySuffix

[yostyle]

done

[ouchadam]

not a blocker since we're not using the build cache, wanted to highlight generating new values on each build/gradle configuration cycle may cause some of the android gradle tasks to become non cachable

[bmarty]

Ah, something else I did not think about.
We want to have stable builds, i.e. the same code generates the same binary (related: #842, and context in element-hq/riot-android#3131). It's important for F-Droid.
With this change it will not be the case anymore.
I have not idea how to handle that now.

[ouchadam]

could we use the short git hash for the suffix? 🤔

[yostyle]

We should propably compute the task affinity suffix from tags or commit hash ?

[yostyle]

could we use the short git hash for the suffix? 🤔

We can't use it as is. taskAffinity has same format as namespace :

• It must have at least two segments (one or more dots).
• Each segment must start with a letter.
• All characters must be alphanumeric or an underscore [a-zA-Z0-9_].

https://developer.android.com/studio/build/configure-app-module#set-application-id

[ouchadam]

we could use the git hash as a seed for the random()

[bmarty]

That's a good idea to compute a suffix using git hash and just remove forbidden chars (but is there any?).

[bmarty]

So many having a appTaskAffinitySuffix like a${git_hash_8_digits} with a a prefix to ensure it's always starting with a letter would fit all our needs. WDYT @yostyle ?

[yostyle]

we already have gitRevision. I'm going to reuse it.

[bmarty]

Thanks for the update. As per my test, it's working well.
I will squash commits to clean up the history of this branch.