Issue #1051: to avoid letting user input into logs, sanitize input and/or just remove unimportant log statements in Android, web app
parent
2179c52ee3
commit
0b9b39a74f
|
@ -136,7 +136,7 @@ public final class CaptureActivityHandler extends Handler {
|
||||||
try {
|
try {
|
||||||
activity.startActivity(intent);
|
activity.startActivity(intent);
|
||||||
} catch (ActivityNotFoundException ignored) {
|
} catch (ActivityNotFoundException ignored) {
|
||||||
Log.w(TAG, "Can't find anything to handle VIEW of URI " + url);
|
Log.w(TAG, "Can't find anything to handle VIEW of URI");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
@ -181,7 +181,7 @@ final class DecodeHintManager {
|
||||||
try {
|
try {
|
||||||
array[i] = Integer.parseInt(values[i]);
|
array[i] = Integer.parseInt(values[i]);
|
||||||
} catch (NumberFormatException ignored) {
|
} catch (NumberFormatException ignored) {
|
||||||
Log.w(TAG, "Skipping array of integers hint " + hintType + " due to invalid numeric value: '" + values[i] + '\'');
|
Log.w(TAG, "Skipping array of integers hint " + hintType + " due to invalid numeric value");
|
||||||
array = null;
|
array = null;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -194,7 +194,6 @@ final class DecodeHintManager {
|
||||||
Log.w(TAG, "Unsupported hint type '" + hintType + "' of type " + hintType.getValueType());
|
Log.w(TAG, "Unsupported hint type '" + hintType + "' of type " + hintType.getValueType());
|
||||||
}
|
}
|
||||||
|
|
||||||
Log.i(TAG, "Hints from the URI: " + hints);
|
|
||||||
return hints;
|
return hints;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -223,13 +222,12 @@ final class DecodeHintManager {
|
||||||
if (hintType.getValueType().isInstance(hintData)) {
|
if (hintType.getValueType().isInstance(hintData)) {
|
||||||
hints.put(hintType, hintData);
|
hints.put(hintType, hintData);
|
||||||
} else {
|
} else {
|
||||||
Log.w(TAG, "Ignoring hint " + hintType + " because it is not assignable from " + hintData);
|
Log.w(TAG, "Ignoring hint " + hintType + " because it is not a " + hintType.getValueType());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Log.i(TAG, "Hints from the Intent: " + hints);
|
|
||||||
return hints;
|
return hints;
|
||||||
}
|
}
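Review bot: In the first hunk of this file (the `NumberFormatException` handler), the warning no longer says which element of the array was rejected, which makes a bad hint harder to diagnose. The loop index is a plain integer rather than caller-supplied text, so it could be logged without reintroducing the problem, e.g. `Log.w(TAG, "Skipping array of integers hint " + hintType + " due to invalid numeric value at index " + i);`. The `hintType` and `hintType.getValueType()` operands that remain in the other messages look like enum and class names rather than input, but that is inferred from the names and worth confirming. The enclosing methods start and end outside the hunks shown.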
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,6 @@ import android.content.SharedPreferences;
|
||||||
import android.os.Handler;
|
import android.os.Handler;
|
||||||
import android.os.Looper;
|
import android.os.Looper;
|
||||||
import android.preference.PreferenceManager;
|
import android.preference.PreferenceManager;
|
||||||
import android.util.Log;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.EnumMap;
|
import java.util.EnumMap;
|
||||||
|
@ -90,7 +89,6 @@ final class DecodeThread extends Thread {
|
||||||
hints.put(DecodeHintType.CHARACTER_SET, characterSet);
|
hints.put(DecodeHintType.CHARACTER_SET, characterSet);
|
||||||
}
|
}
|
||||||
hints.put(DecodeHintType.NEED_RESULT_POINT_CALLBACK, resultPointCallback);
|
hints.put(DecodeHintType.NEED_RESULT_POINT_CALLBACK, resultPointCallback);
|
||||||
Log.i("DecodeThread", "Hints: " + hints);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Handler getHandler() {
|
Handler getHandler() {
|
||||||
|
|
|
@ -16,8 +16,6 @@
|
||||||
|
|
||||||
package com.google.zxing.client.android;
|
package com.google.zxing.client.android;
|
||||||
|
|
||||||
import android.util.Log;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
import java.io.Reader;
|
import java.io.Reader;
|
||||||
|
@ -193,7 +191,6 @@ public final class HttpHelper {
|
||||||
conn = url.openConnection();
|
conn = url.openConnection();
|
||||||
} catch (NullPointerException npe) {
|
} catch (NullPointerException npe) {
|
||||||
// Another strange bug in Android?
|
// Another strange bug in Android?
|
||||||
Log.w(TAG, "Bad URI? " + url);
|
|
||||||
throw new IOException(npe);
|
throw new IOException(npe);
|
||||||
}
|
}
|
||||||
if (!(conn instanceof HttpURLConnection)) {
|
if (!(conn instanceof HttpURLConnection)) {
|
||||||
|
|
|
@ -462,7 +462,6 @@ public abstract class ResultHandler {
|
||||||
final void rawLaunchIntent(Intent intent) {
|
final void rawLaunchIntent(Intent intent) {
|
||||||
if (intent != null) {
|
if (intent != null) {
|
||||||
intent.addFlags(Intents.FLAG_NEW_DOC);
|
intent.addFlags(Intents.FLAG_NEW_DOC);
|
||||||
Log.d(TAG, "Launching intent: " + intent + " with extras: " + intent.getExtras());
|
|
||||||
activity.startActivity(intent);
|
activity.startActivity(intent);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,6 @@ import android.database.Cursor;
|
||||||
import android.net.Uri;
|
import android.net.Uri;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.provider.BaseColumns;
|
import android.provider.BaseColumns;
|
||||||
import android.util.Log;
|
|
||||||
import android.view.KeyEvent;
|
import android.view.KeyEvent;
|
||||||
import android.view.View;
|
import android.view.View;
|
||||||
import android.widget.TextView;
|
import android.widget.TextView;
|
||||||
|
@ -156,7 +155,6 @@ public final class ShareActivity extends Activity {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void showTextAsBarcode(String text) {
|
private void showTextAsBarcode(String text) {
|
||||||
Log.i(TAG, "Showing text as barcode: " + text);
|
|
||||||
if (text == null) {
|
if (text == null) {
|
||||||
return; // Show error?
|
return; // Show error?
|
||||||
}
|
}
|
||||||
|
@ -175,7 +173,6 @@ public final class ShareActivity extends Activity {
|
||||||
* @param contactUri A Uri of the form content://contacts/people/17
|
* @param contactUri A Uri of the form content://contacts/people/17
|
||||||
*/
|
*/
|
||||||
private void showContactAsBarcode(Uri contactUri) {
|
private void showContactAsBarcode(Uri contactUri) {
|
||||||
Log.i(TAG, "Showing contact URI as barcode: " + contactUri);
|
|
||||||
if (contactUri == null) {
|
if (contactUri == null) {
|
||||||
return; // Show error?
|
return; // Show error?
|
||||||
}
|
}
|
||||||
|
@ -260,7 +257,6 @@ public final class ShareActivity extends Activity {
|
||||||
intent.putExtra(Intents.Encode.DATA, bundle);
|
intent.putExtra(Intents.Encode.DATA, bundle);
|
||||||
intent.putExtra(Intents.Encode.FORMAT, BarcodeFormat.QR_CODE.toString());
|
intent.putExtra(Intents.Encode.FORMAT, BarcodeFormat.QR_CODE.toString());
|
||||||
|
|
||||||
Log.i(TAG, "Sending bundle for encoding: " + bundle);
|
|
||||||
startActivity(intent);
|
startActivity(intent);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -76,7 +76,7 @@ public final class WifiConfigManager extends AsyncTask<WifiParsedResult,Object,O
|
||||||
try {
|
try {
|
||||||
networkType = NetworkType.forIntentValue(networkTypeString);
|
networkType = NetworkType.forIntentValue(networkTypeString);
|
||||||
} catch (IllegalArgumentException ignored) {
|
} catch (IllegalArgumentException ignored) {
|
||||||
Log.w(TAG, "Bad network type; see NetworkType values: " + networkTypeString);
|
Log.w(TAG, "Bad network type");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (networkType == NetworkType.NO_PASSWORD) {
|
if (networkType == NetworkType.NO_PASSWORD) {
|
||||||
|
|
|
@ -63,6 +63,7 @@ import java.util.Timer;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
import javax.imageio.ImageIO;
|
import javax.imageio.ImageIO;
|
||||||
import javax.servlet.RequestDispatcher;
|
import javax.servlet.RequestDispatcher;
|
||||||
|
@ -92,6 +93,7 @@ public final class DecodeServlet extends HttpServlet {
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(DecodeServlet.class.getName());
|
private static final Logger log = Logger.getLogger(DecodeServlet.class.getName());
|
||||||
|
|
||||||
|
private static final Pattern WHITESPACE = Pattern.compile("\\s+");
|
||||||
// No real reason to let people upload more than ~64MB
|
// No real reason to let people upload more than ~64MB
|
||||||
private static final long MAX_IMAGE_SIZE = 1L << 26;
|
private static final long MAX_IMAGE_SIZE = 1L << 26;
|
||||||
// No real reason to deal with more than ~32 megapixels
|
// No real reason to deal with more than ~32 megapixels
|
||||||
|
@ -152,7 +154,8 @@ public final class DecodeServlet extends HttpServlet {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
imageURIString = imageURIString.trim();
|
// Remove any whitespace to sanitize; none is valid anyway
|
||||||
|
imageURIString = WHITESPACE.matcher(imageURIString).replaceAll("");
|
||||||
for (CharSequence substring : blockedURLSubstrings) {
|
for (CharSequence substring : blockedURLSubstrings) {
|
||||||
if (imageURIString.contains(substring)) {
|
if (imageURIString.contains(substring)) {
|
||||||
log.info("Disallowed URI " + imageURIString);
|
log.info("Disallowed URI " + imageURIString);
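Review bot: The `log.info("Disallowed URI " + imageURIString)` line at the end of this hunk still writes request-supplied text to the server log, so the new whitespace stripping is the only protection for that log line. Java's default `\s` matches only `[ \t\n\x0B\f\r]`, so U+0085, U+2028 and U+2029 and non-whitespace control characters such as ESC pass through, and the length of the logged value is not bounded. To match what the Android hunks in this commit do, the value could be dropped, `log.info("Disallowed URI");`, or logged only in an escaped, length-capped form. Note also that the replacement now changes the URI used by the rest of the method, not just the logged copy; the rest of the method is outside the hunk.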
|
||||||
|
|