Description
To protect against Intent redirection, Google added unsafe intent detection to allow developers to be warned in case they accidentally become vulnerable to that.
Unfortunately, it seems this detection has several false positives with the Tasker plugin. When enabled, there are two places where the detector will crash the app:
1. Launching Service from receiver
Line 59 in 5e16316

```kotlin
if (intent == null || context == null) return
```

This is basically a textbook example of Intent redirection (it forwards the entire Intent to somewhere else, including any potentially malicious data), but I think in this case it is not really a security issue since the service expects that.
As a workaround, to prevent the crash, a new Intent has to be made, with old extras copied in:
```kotlin
val serviceIntent: Intent = Intent(context, TService::class.java)
intent.extras?.let {
    // If we just do putExtras(intent.extras), we still run afoul of the unsafe intent detection
    // But if we modify the bundle in any way, it will trick the detection
    // Putting this boolean in makes sense anyway, I think, to make sure the service will call startForeground
    it.putBoolean(TaskerPluginConstants.EXTRA_CAN_BIND_FIRE_SETTING, false)
    serviceIntent.putExtras(it)
}
context.startServiceDependingOnTargetApi(serviceIntent)
```

2. Starting intent loaded from URI
TaskerPluginSample/taskerpluginlibrary/src/main/java/net/dinglisch/android/tasker/TaskerPlugin.java
Line 632 in 5e16316

```java
Intent completionIntent = Intent.parseUri(completionIntentString, Intent.URI_INTENT_SCHEME);
```
The detector really does not like Intent.parseUri. If you use it, that intent can only be used to start an implicit activity with Category.BROWSABLE. In every single other case, including ours, it will crash the app.
A workaround I found is to create a new intent and then copy data from the tainted intent:
```java
Intent completionIntentSource = Intent.parseUri(completionIntentString, Intent.URI_INTENT_SCHEME);
Intent completionIntent = new Intent(completionIntentSource.getAction(), completionIntentSource.getData());
completionIntent.setComponent(completionIntentSource.getComponent());
// Copy the extras onto the new intent; getExtras() returns null when there are none
if (completionIntentSource.getExtras() != null) {
    completionIntent.putExtras(completionIntentSource.getExtras());
}
```

Could we add those workarounds in?
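
A stricter form of both workarounds, as an added example that is not code from this issue or from the Tasker plugin library: the forwarded intent carries only allow-listed extras, and the intent parsed from a URI is rebuilt only when it names a component in an expected package. The function names, the extra keys and the `expectedPackage` parameter are hypothetical.

```kotlin
import android.content.Context
import android.content.Intent
import android.os.Bundle
import java.net.URISyntaxException

// Hypothetical allow-lists: the extra keys the target service actually reads.
private val STRING_EXTRAS = setOf("com.example.EXTRA_INPUT")
private val BOOLEAN_EXTRAS = setOf("com.example.EXTRA_FLAG")

/** Rebuilds a received Intent as an explicit Intent carrying only allow-listed extras. */
fun buildForwardIntent(context: Context, target: Class<*>, received: Intent): Intent {
    val forward = Intent(context, target) // explicit component inside our own app
    val source = received.extras ?: return forward
    val clean = Bundle()
    for (key in STRING_EXTRAS) {
        source.getString(key)?.let { clean.putString(key, it) }
    }
    for (key in BOOLEAN_EXTRAS) {
        if (source.containsKey(key)) clean.putBoolean(key, source.getBoolean(key))
    }
    return forward.putExtras(clean)
}

/**
 * Parses an intent URI and returns a rebuilt Intent only when it names a
 * component in expectedPackage (an assumption about the caller's contract).
 * Returns null for malformed URIs and for any other destination.
 */
fun parseCompletionIntent(uri: String, expectedPackage: String): Intent? {
    val parsed = try {
        Intent.parseUri(uri, Intent.URI_INTENT_SCHEME)
    } catch (e: URISyntaxException) {
        return null
    }
    val target = parsed.component ?: return null
    if (target.packageName != expectedPackage) return null
    // Only action, data, component and extras are carried over;
    // flags and any selector from the URI are deliberately not copied.
    return Intent().apply {
        action = parsed.action
        data = parsed.data
        component = target
        parsed.extras?.let { putExtras(it) }
    }
}
```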