Issue #1051: to avoid letting user input into logs, sanitize input and/or just remove unimportant log statements in Android, web app

Sean Owen 2018-08-07 19:28:06 -05:00
parent 2179c52ee3
commit 0b9b39a74f
8 changed files with 8 additions and 17 deletions


@ -136,7 +136,7 @@ public final class CaptureActivityHandler extends Handler {
try {
activity.startActivity(intent);
} catch (ActivityNotFoundException ignored) {
Log.w(TAG, "Can't find anything to handle VIEW of URI " + url);
Log.w(TAG, "Can't find anything to handle VIEW of URI");
}
break;
}
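Review bot: The shortened `Log.w(TAG, "Can't find anything to handle VIEW of URI");` gives no hint that the URL was left out on purpose, so a later debugging change could easily append it again. A one-line comment above the call would record the intent, for example `// URL deliberately not logged: it is user-controlled input (Issue #1051)`. The same applies to the trimmed messages in DecodeHintManager (`"... due to invalid numeric value"`) and WifiConfigManager (`"Bad network type"`). The enclosing case block starts and ends outside this hunk.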


@ -181,7 +181,7 @@ final class DecodeHintManager {
try {
array[i] = Integer.parseInt(values[i]);
} catch (NumberFormatException ignored) {
Log.w(TAG, "Skipping array of integers hint " + hintType + " due to invalid numeric value: '" + values[i] + '\'');
Log.w(TAG, "Skipping array of integers hint " + hintType + " due to invalid numeric value");
array = null;
break;
}
@ -194,7 +194,6 @@ final class DecodeHintManager {
Log.w(TAG, "Unsupported hint type '" + hintType + "' of type " + hintType.getValueType());
}
Log.i(TAG, "Hints from the URI: " + hints);
return hints;
}
@ -223,13 +222,12 @@ final class DecodeHintManager {
if (hintType.getValueType().isInstance(hintData)) {
hints.put(hintType, hintData);
} else {
Log.w(TAG, "Ignoring hint " + hintType + " because it is not assignable from " + hintData);
Log.w(TAG, "Ignoring hint " + hintType + " because it is not a " + hintType.getValueType());
}
}
}
}
Log.i(TAG, "Hints from the Intent: " + hints);
return hints;
}


@ -24,7 +24,6 @@ import android.content.SharedPreferences;
import android.os.Handler;
import android.os.Looper;
import android.preference.PreferenceManager;
import android.util.Log;
import java.util.Collection;
import java.util.EnumMap;
@ -90,7 +89,6 @@ final class DecodeThread extends Thread {
hints.put(DecodeHintType.CHARACTER_SET, characterSet);
}
hints.put(DecodeHintType.NEED_RESULT_POINT_CALLBACK, resultPointCallback);
Log.i("DecodeThread", "Hints: " + hints);
}
Handler getHandler() {


@ -16,8 +16,6 @@
package com.google.zxing.client.android;
import android.util.Log;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
@ -193,7 +191,6 @@ public final class HttpHelper {
conn = url.openConnection();
} catch (NullPointerException npe) {
// Another strange bug in Android?
Log.w(TAG, "Bad URI? " + url);
throw new IOException(npe);
}
if (!(conn instanceof HttpURLConnection)) {


@ -462,7 +462,6 @@ public abstract class ResultHandler {
final void rawLaunchIntent(Intent intent) {
if (intent != null) {
intent.addFlags(Intents.FLAG_NEW_DOC);
Log.d(TAG, "Launching intent: " + intent + " with extras: " + intent.getExtras());
activity.startActivity(intent);
}
}


@ -30,7 +30,6 @@ import android.database.Cursor;
import android.net.Uri;
import android.os.Bundle;
import android.provider.BaseColumns;
import android.util.Log;
import android.view.KeyEvent;
import android.view.View;
import android.widget.TextView;
@ -156,7 +155,6 @@ public final class ShareActivity extends Activity {
}
private void showTextAsBarcode(String text) {
Log.i(TAG, "Showing text as barcode: " + text);
if (text == null) {
return; // Show error?
}
@ -175,7 +173,6 @@ public final class ShareActivity extends Activity {
* @param contactUri A Uri of the form content://contacts/people/17
*/
private void showContactAsBarcode(Uri contactUri) {
Log.i(TAG, "Showing contact URI as barcode: " + contactUri);
if (contactUri == null) {
return; // Show error?
}
@ -260,7 +257,6 @@ public final class ShareActivity extends Activity {
intent.putExtra(Intents.Encode.DATA, bundle);
intent.putExtra(Intents.Encode.FORMAT, BarcodeFormat.QR_CODE.toString());
Log.i(TAG, "Sending bundle for encoding: " + bundle);
startActivity(intent);
}


@ -76,7 +76,7 @@ public final class WifiConfigManager extends AsyncTask<WifiParsedResult,Object,O
try {
networkType = NetworkType.forIntentValue(networkTypeString);
} catch (IllegalArgumentException ignored) {
Log.w(TAG, "Bad network type; see NetworkType values: " + networkTypeString);
Log.w(TAG, "Bad network type");
return null;
}
if (networkType == NetworkType.NO_PASSWORD) {


@ -63,6 +63,7 @@ import java.util.Timer;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.imageio.ImageIO;
import javax.servlet.RequestDispatcher;
@ -92,6 +93,7 @@ public final class DecodeServlet extends HttpServlet {
private static final Logger log = Logger.getLogger(DecodeServlet.class.getName());
private static final Pattern WHITESPACE = Pattern.compile("\\s+");
// No real reason to let people upload more than ~64MB
private static final long MAX_IMAGE_SIZE = 1L << 26;
// No real reason to deal with more than ~32 megapixels
@ -152,7 +154,8 @@ public final class DecodeServlet extends HttpServlet {
return;
}
imageURIString = imageURIString.trim();
// Remove any whitespace to sanitize; none is valid anyway
imageURIString = WHITESPACE.matcher(imageURIString).replaceAll("");
for (CharSequence substring : blockedURLSubstrings) {
if (imageURIString.contains(substring)) {
log.info("Disallowed URI " + imageURIString);
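Review bot: The unchanged `log.info("Disallowed URI " + imageURIString);` at the end of this hunk still writes the request-supplied URI into the log, and the new `WHITESPACE` pattern only partly sanitizes it. Without `UNICODE_CHARACTER_CLASS`, Java's `\s` matches only space, tab, LF, VT, FF and CR, so other control characters and Unicode line separators such as U+0085 or U+2028 pass through, and the logged length is unbounded. Whether that matters depends on the log formatter and viewer, which are not visible here. A broader pattern such as `Pattern.compile("[\\s\\p{Z}\\p{C}]+")` would remove those characters. Alternatively, log only a length-capped value, or drop it as the Android hunks in this commit do. The loop body continues outside the hunk.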