authorKiran Ramachandra <kiranmr@google.com>2024-05-30 21:21:12 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2024-07-15 03:38:00 +0000
commit374bbfd0a9d6a4bc51918f25d976e593d07bf5a3 (patch)
tree28768123f204e958ce286eac2b42e8c9793ce295
parentd8a177e60b631bc23a501bddae56287dd8ad853f (diff)
DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme delimiter
Initially considered removing unsupported characters as per IANA guidelines, but this could break applications that use custom schemes with asterisks. Instead, opted to remove only the "://" to minimize disruption Bug: 261721900 Test: atest FrameworksCoreTests:android.net.UriTest No-Typo-Check: The unit test is specifically written to test few cases, string "http://https://" is not a typo NOTE FOR REVIEWERS - original patch and result patch are not identical. PLEASE REVIEW CAREFULLY. Diffs between the patches: @AsbSecurityTest(cveBugId = 261721900) > + @SmallTest > + public void testSchemeSanitization() { > + Uri uri = new Uri.Builder() > + .scheme("http://https://evil.com:/te:st/") > + .authority("google.com").path("one/way").build(); > + assertEquals("httphttpsevil.com:/te:st/", uri.getScheme()); > + assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString()); > + } > + Original patch: diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java old mode 100644 new mode 100644 --- a/core/java/android/net/Uri.java +++ b/core/java/android/net/Uri.java @@ -1388,7 +1388,11 @@ * @param scheme name or {@code null} if this is a relative Uri */ public Builder scheme(String scheme) { - this.scheme = scheme; + if (scheme != null) { + this.scheme = scheme.replace("://", ""); + } else { + this.scheme = null; + } return this; } diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java old mode 100644 new mode 100644 --- a/core/tests/coretests/src/android/net/UriTest.java +++ b/core/tests/coretests/src/android/net/UriTest.java @@ -87,6 +87,16 @@ assertNull(u.getAuthority()); assertNull(u.getHost()); } + + @AsbSecurityTest(cveBugId = 261721900) + @SmallTest + public void testSc [[[Original patch trimmed due to size. Decoded string size: 1426. Decoded string SHA1: 55d69e9f854938457b2d98b18776898b16c2dd54.]]] Result patch: 
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java index 3da696a..f0262e9 100644 --- a/core/java/android/net/Uri.java +++ b/core/java/android/net/Uri.java @@ -1388,7 +1388,11 @@ * @param scheme name or {@code null} if this is a relative Uri */ public Builder scheme(String scheme) { - this.scheme = scheme; + if (scheme != null) { + this.scheme = scheme.replace("://", ""); + } else { + this.scheme = null; + } return this; } diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java index 89632a4..8c130ee 100644 --- a/core/tests/coretests/src/android/net/UriTest.java +++ b/core/tests/coretests/src/android/net/UriTest.java @@ -88,6 +88,16 @@ assertNull(u.getHost()); } + @AsbSecurityTest(cveBugId = 261721900) + @SmallTest + public void testSchemeSanitization() { + Uri uri = new [[[Result patch trimmed due to size. Decoded string size: 1417. Decoded string SHA1: f9ce831a369872ae9bfd9f50f01dd394682e0f3f.]]] (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:557941ca0cf59da66db4fad12c2139ce80922f4a) Merged-In: Icab100bd4ae9b1c8245e6f891ad22101bda5eea5 Change-Id: Icab100bd4ae9b1c8245e6f891ad22101bda5eea5
-rw-r--r--core/java/android/net/Uri.java6
-rw-r--r--core/tests/coretests/src/android/net/UriTest.java11
2 files changed, 16 insertions, 1 deletions
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
index 7fbaf1027af6..19ea05d201e5 100644
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -1386,7 +1386,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> {
* @param scheme name or {@code null} if this is a relative Uri
*/
public Builder scheme(String scheme) {
- this.scheme = scheme;
+ if (scheme != null) {
+ this.scheme = scheme.replace("://", "");
+ } else {
+ this.scheme = null;
+ }
return this;
}
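Review bot: The single `scheme.replace("://", "")` pass in `Builder.scheme` does not guarantee that the stored scheme is free of `://`, because `String.replace` scans once from left to right and the characters on either side of a removed occurrence can join into a new delimiter. Repeating the replacement until the string stops changing closes that gap, e.g. `String s = scheme; while (s.contains("://")) s = s.replace("://", ""); this.scheme = s;`. Single `:` and `/` characters are still kept (the commit message says this is deliberate, to avoid breaking custom schemes), so callers should not treat `getScheme()` on a built Uri as a validated scheme name. The Javadoc, which begins above the hunk, still describes the parameter only as a name or null; it should say that the input is altered, for example `Any "://" sequence is removed from the scheme before it is stored.`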
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
index 2a4ca79d997e..57cb1586bcd0 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -18,6 +18,7 @@ package android.net;
import android.content.ContentUris;
import android.os.Parcel;
+import android.platform.test.annotations.AsbSecurityTest;
import androidx.test.filters.SmallTest;
@@ -86,6 +87,16 @@ public class UriTest extends TestCase {
assertNull(u.getHost());
}
+ @AsbSecurityTest(cveBugId = 261721900)
+ @SmallTest
+ public void testSchemeSanitization() {
+ Uri uri = new Uri.Builder()
+ .scheme("http://https://evil.com:/te:st/")
+ .authority("google.com").path("one/way").build();
+ assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
+ assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
+ }
+
@SmallTest
public void testStringUri() {
assertEquals("bob lee",
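Review bot: `testSchemeSanitization` checks a single input, so the `null` branch added to `Builder.scheme` and the ordinary case of a scheme that contains no `://` are not exercised by this hunk. Adding `assertEquals("content", new Uri.Builder().scheme("content").build().getScheme());` and a null-scheme case would pin both. The expected value in the last assertion also shows that the sanitized scheme still contains `:` and `/`, so parsing that string back would presumably yield a different scheme than `uri.getScheme()`. A short comment such as `// Only "://" is stripped; the remaining scheme is not a valid URI scheme and may not round-trip through Uri.parse().` would make that intent explicit. The `testStringUri` method that follows continues past the end of the hunk.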