10: Create IntentFilterPlugin
This commit is contained in:
Bartłomiej Pluta
@@ -113,4 +113,10 @@ public class PluginModule {
|
|||||||
public Plugin textInputValidationPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
|
public Plugin textInputValidationPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
|
||||||
return new TextInputValidationPlugin(globMatcher, xmlHelper);
|
return new TextInputValidationPlugin(globMatcher, xmlHelper);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Provides
|
||||||
|
@IntoSet
|
||||||
|
public Plugin intentFilterPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
|
||||||
|
return new IntentFilterPlugin(globMatcher, xmlHelper);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,43 @@
|
|||||||
|
package com.bartek.esa.core.plugin;
|
||||||
|
|
||||||
|
import com.bartek.esa.core.archetype.AndroidManifestPlugin;
|
||||||
|
import com.bartek.esa.core.model.enumeration.Severity;
|
||||||
|
import com.bartek.esa.core.xml.XmlHelper;
|
||||||
|
import com.bartek.esa.file.matcher.GlobMatcher;
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
import org.w3c.dom.Node;
|
||||||
|
import org.w3c.dom.NodeList;
|
||||||
|
|
||||||
|
import javax.inject.Inject;
|
||||||
|
|
||||||
|
public class IntentFilterPlugin extends AndroidManifestPlugin {
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
public IntentFilterPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
|
||||||
|
super(globMatcher, xmlHelper);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void run(Document xml) {
|
||||||
|
NodeList filters = xml.getElementsByTagName("intent-filter");
|
||||||
|
stream(filters)
|
||||||
|
.filter(this::isNotMainActivity)
|
||||||
|
.map(Node::getParentNode)
|
||||||
|
.forEach(n -> addIssue(Severity.INFO, null, tagString(n)));
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean isNotMainActivity(Node filter) {
|
||||||
|
long mainActivityIntentFilters = stream(filter.getChildNodes())
|
||||||
|
.filter(n -> n.getNodeName().matches("action|category"))
|
||||||
|
.map(n -> n.getAttributes().getNamedItem("android:name"))
|
||||||
|
.map(Node::getNodeValue)
|
||||||
|
.filter(v -> v.equals("android.intent.action.MAIN") || v.equals("android.intent.category.LAUNCHER"))
|
||||||
|
.count();
|
||||||
|
|
||||||
|
long currentIntentFilters = stream(filter.getChildNodes())
|
||||||
|
.filter(n -> n.getNodeName().matches("action|category"))
|
||||||
|
.count();
|
||||||
|
|
||||||
|
return mainActivityIntentFilters != currentIntentFilters;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -117,3 +117,8 @@ com.bartek.esa.core.plugin.TextInputValidationPlugin=Input type is no selected.\
|
|||||||
The EditText view doesn't have a input type selected.\n\
|
The EditText view doesn't have a input type selected.\n\
|
||||||
Consider associating a input type with this view.\n\
|
Consider associating a input type with this view.\n\
|
||||||
For example: <EditText android:inputType="number" ...
|
For example: <EditText android:inputType="number" ...
|
||||||
|
|
||||||
|
com.bartek.esa.core.plugin.IntentFilterPlugin=Implemented intent filter.\n\
|
||||||
|
Component with intent filter was found. It means, that the component is implicitly exposed to public.\n\
|
||||||
|
Consider removing intent filter.\n\
|
||||||
|
Also be aware, that intent filter is not a security tool. It can be easily omitted.
|
||||||
|
|||||||
Reference in New Issue
Block a user