PorNo-_Porn_Blocker icon indicating copy to clipboard operation
PorNo-_Porn_Blocker copied to clipboard

Published 20 hours ago verified publisher icon mrvivacious

[Android] Validate inputted URLs are actually URLs....

Open mrvivacious opened this issue 2 years ago • 1 comments

An android.content.ActivityNotFoundException crash happens with these lines:

https://github.com/mrvivacious/PorNo-_Porn_Blocker/blob/48ccc029feab6b73b565ad5058fcace9123b30a7/androidApp/app/src/main/java/us/mrvivacio/porno/MainActivity.java#L164

https://github.com/mrvivacious/PorNo-_Porn_Blocker/blob/48ccc029feab6b73b565ad5058fcace9123b30a7/androidApp/app/src/main/java/us/mrvivacio/porno/MyAccessibilityService.java#L227

Hypothesis, because I don't have info on what the passed in intent was and don't collect data on the user's inputted data: openUrlInBrowser is called when the user presses the links in the popup menu and when the user touches their redirect links. This crash comes from a listItemTouch event, which means the "url" passed into the function is in an invalid format. The accessibilityService class is related to this problem because when a user is redirected, an Activity is fired with the "supposed redirect URL". If the URL string is in invalid format, there is no activity to open a malformed string, so ActivityNotFound is thrown.

Detective mrvivacious believes this case is closed but is open to being shown more information.

REMEDY: Validate user input is in URL format (MainActivity.class). There exists work on this problem, so we can rest easy for the time being. Will probably use if-else checks for simplicity over regex LOL idk

See exception:

android.content.ActivityNotFoundException: 
  ...
  at android.app.Activity.startActivity (Activity.java:4789)
  at us.mrvivacio.porno.MainActivity.openUrlInBrowser (MainActivity.java:165)
  at us.mrvivacio.porno.MainActivity.lambda$setupTouchListeners$1$MainActivity (MainActivity.java:114)
  ...

I can't believe some users don't enter valid URLs in the input....what are they typing in anyways?

mrvivacious avatar Jul 09 '21 09:07 mrvivacious

note: figure out what the string schema is that corresponds to browser Activities. I'm saying, what does the input need to look like for Android to try opening that input in the web browser? 'http://' ? 'http://blahblah.whatever' ? Then, we can enforce that pattern on the user input

mrvivacious avatar Jul 09 '21 10:07 mrvivacious