stately icon indicating copy to clipboard operation
stately copied to clipboard
verified publisher icon lloydtorres

Missing response content validation after performing network operation

Open amazuerar opened this issue 4 years ago • 0 comments

Dear Developer!

My name is Alejandro Mazuera-Rozo, I am a PhD Student at Universidad de los Andes, and at Università della Svizzera italiana. I am part of a research on the usage of network libraries within Android apps. As result of this we identified some code locations that might have network related problems.

In this case, we address the code locations that are related to a potential issue concerning a missing validation of the response content against expected values. It would be a good practice to validate whether external server’s responses are correct, use validation rules.

In order to address this issue we recommend you to visit:

  1. https://developer.android.com/training/volley/requestqueue

Potential Code Location missing Response Content validation

  1. When a new request is being added to the Volley queue:

https://github.com/lloydtorres/stately/blob/1992d85929a8e73f8ecd602737087e51af12006a/Stately/app/src/main/java/com/lloydtorres/stately/census/TrendsActivity.java#L274

  1. There is no validation when assigning response inside the onResponse() method https://github.com/lloydtorres/stately/blob/1992d85929a8e73f8ecd602737087e51af12006a/Stately/app/src/main/java/com/lloydtorres/stately/census/TrendsActivity.java#L227-L236

amazuerar avatar Aug 13 '21 12:08 amazuerar