
errorprone.bugpattern.android.FragmentInjection.md

Fragment Injection refers to a security vulnerability in classes extending
`android.preference.PreferenceActivity` wherein malicious intents can place
fragments in places they were never meant to be. In Android SDK 19 and higher,
this was patched by adding the method `isValidFragment` to verify that fragments
placed in preference activities are meant to be there before instantiating them.

The vulnerability exists for any exported preference activity targeting API
level < 19 unless you override `isValidFragment` in your activity to check that
fragments are the type that you expect. You'll probably want to do something
like this:

```java
// Accept only the one fragment this activity is meant to host.
@Override
protected boolean isValidFragment(String fragmentName) {
  return MyFragment.class.getName().equals(fragmentName);
}
```

This check emits a warning if `isValidFragment` is not implemented on classes
extending `PreferenceActivity`, or if the implementation of `isValidFragment`
returns true on all code paths[^1].
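
The two cases described above, next to an allowlist override that generalizes the single-fragment check to an activity hosting several fragments. This is an added example, not code from Error Prone or the original page, and every class name in it is hypothetical:

```java
import android.preference.PreferenceActivity;
import android.preference.PreferenceFragment;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Hypothetical fragments, for illustration only.
class GeneralPrefsFragment extends PreferenceFragment {}
class AccountPrefsFragment extends PreferenceFragment {}

// Case 1 from the text: no isValidFragment override at all.
class MissingCheckActivity extends PreferenceActivity {}

// Case 2 from the text: the override returns true on every code path,
// so any fragment class name is accepted.
class AcceptAllActivity extends PreferenceActivity {
  @Override
  protected boolean isValidFragment(String fragmentName) {
    return true;
  }
}

// Hardened form: only fragments this activity is meant to host are accepted.
class SettingsActivity extends PreferenceActivity {
  private static final Set<String> ALLOWED_FRAGMENTS =
      Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
          GeneralPrefsFragment.class.getName(),
          AccountPrefsFragment.class.getName())));

  @Override
  protected boolean isValidFragment(String fragmentName) {
    // Returns false (rather than throwing) for anything outside the
    // allowlist, including null, so a rejected name does not crash the app.
    return ALLOWED_FRAGMENTS.contains(fragmentName);
  }
}
```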

If you are targeting API level >= 19, or if `exported` is set to `false` in your
`Manifest.xml`, you are probably safe[^2], but it is even better to implement
`isValidFragment` anyway in case of future changes to your manifest, or other
eventualities.

For more info:

*   https://securityintelligence.com/new-vulnerability-android-framework-fragment-injection/
*   https://support.google.com/faqs/answer/7188427

[^1]: Your method implementation may be safe if you throw a runtime exception
    instead of returning false for a fragment, but you will still get a
    warning. You may want to change your implementation to return false
    instead. This way your app will still be safe, and won't crash.
[^2]: For API levels >= 19, the default implementation throws a runtime
    exception, so it is "safe", but probably not the behavior you want. If
    your activity is not exported, intents outside your app should not be able
    to attempt to show any fragments, and therefore `isValidFragment` should
    not be called.



