
Missing response code validation after performing network operation

Open amazuerar opened this issue 4 years ago • 0 comments

Dear Developer!

My name is Alejandro Mazuera-Rozo, I am a PhD Student at Universidad de los Andes, and at Università della Svizzera italiana. I am part of a research project on the usage of network libraries within Android apps. As a result of this we identified some code locations that might have network-related problems.

In this case, we present the code locations that are related to a missing validation of the response code when performing network operations. When you make an HTTP request, your application should validate the response status code before manipulating it, otherwise it could cause misbehaviour within the app.

In order to address this issue we recommend that you visit:

  1. https://developer.android.com/training/volley/requestqueue

Potential Code Location missing Response Code validation

  1. When a new request is being added to the Volley queue: https://github.com/lloydtorres/stately/blob/1992d85929a8e73f8ecd602737087e51af12006a/Stately/app/src/main/java/com/lloydtorres/stately/census/TrendsActivity.java#L274

  2. There is no previous validation of statusCode when assigning response inside the onResponse() method: https://github.com/lloydtorres/stately/blob/1992d85929a8e73f8ecd602737087e51af12006a/Stately/app/src/main/java/com/lloydtorres/stately/census/TrendsActivity.java#L227-L236

amazuerar, Aug 15 '21 15:08
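
One way to make the status check explicit in a Volley request, shown as an added example that is not part of the issue or of Stately's code: override `parseNetworkResponse()` so that only an expected status reaches `onResponse()`. The class name `StatusCheckedStringRequest` and the accept-only-200 policy are assumptions made for illustration.

```java
import com.android.volley.NetworkResponse;
import com.android.volley.ParseError;
import com.android.volley.Response;
import com.android.volley.VolleyError;
import com.android.volley.toolbox.HttpHeaderParser;
import com.android.volley.toolbox.StringRequest;

import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;

/** Hypothetical helper: a StringRequest that delivers a body only for the expected status. */
public class StatusCheckedStringRequest extends StringRequest {

    public StatusCheckedStringRequest(int method, String url,
                                      Response.Listener<String> listener,
                                      Response.ErrorListener errorListener) {
        super(method, url, listener, errorListener);
    }

    @Override
    protected Response<String> parseNetworkResponse(NetworkResponse response) {
        // Called on a worker thread before onResponse(). A cache revalidation
        // (304) arrives here with notModified == true and the cached body,
        // so it is accepted alongside 200 OK.
        boolean expected = response.statusCode == HttpURLConnection.HTTP_OK
                || response.notModified;
        if (!expected) {
            // Routed to the ErrorListener; the status code stays available
            // there via error.networkResponse.statusCode.
            return Response.error(new VolleyError(response));
        }
        // A success status with no payload is treated as an error, so the
        // listener never parses an empty string.
        if (response.data == null || response.data.length == 0) {
            return Response.error(
                    new VolleyError("Empty body, status " + response.statusCode));
        }
        try {
            String charset = HttpHeaderParser.parseCharset(response.headers);
            String body = new String(response.data, charset);
            return Response.success(body,
                    HttpHeaderParser.parseCacheHeaders(response));
        } catch (UnsupportedEncodingException e) {
            return Response.error(new ParseError(e));
        }
    }
}
```

The request is queued the same way as a plain `StringRequest`; the `ErrorListener` then receives every rejected response instead of `onResponse()`.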