Closed
Bug 716143
Opened 13 years ago
Closed 13 years ago
SQL injection flaws in storage layer
Categories
(Firefox for Android Graveyard :: Android Sync, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rnewman, Assigned: emtwo)
Details
Thanks to imelven for the review!
---
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/sync/repositories/android/AndroidBrowserRepositoryDataAccessor.java#90
89 protected void delete(String guid) {
90 context.getContentResolver().delete(getUri(), BrowserContract.SyncColumns.GUID + " = '" + guid + "'", null);
91 }
Potential injection there, and also the same pattern at
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/sync/repositories/android/AndroidBrowserHistoryDataAccessor.java#104
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/sync/repositories/android/AndroidBrowserRepositoryDataAccessor.java#142
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/sync/repositories/android/AndroidBrowserRepositoryDataAccessor.java#160
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/sync/repositories/android/AndroidBrowserRepositoryDataAccessor.java#164
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/sync/repositories/android/AndroidBrowserBookmarksDataAccessor.java#159
Would prefer this was along the lines of
context.getContentResolver().delete(getUri(), BrowserContract.SyncColumns.GUID + " = ?", new String[] { guid });
just to be totally safe.
Not super concerned about it since these are GUIDs and should always
be coming from sync and not content, but I'm paid to be this paranoid... :D
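The difference between the two forms quoted above, as an added example that is not part of the bug report or the android-sync code base. It uses Python's sqlite3 module as a stand-in for the SQLite-backed content provider; the bookmarks table, the helper names and the GUID values are constructed for illustration.

```python
import sqlite3

def make_store():
    """In-memory stand-in for the provider's table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookmarks (guid TEXT PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO bookmarks VALUES (?, ?)",
                   [("aaaaaaaaaaaa", "one"), ("bbbbbbbbbbbb", "two"),
                    ("cccccccccccc", "three")])
    return db

def delete_concat(db, guid):
    """Pattern flagged in the bug: the GUID is spliced into the WHERE clause."""
    cur = db.execute("DELETE FROM bookmarks WHERE guid = '" + guid + "'")
    return cur.rowcount

def delete_bound(db, guid):
    """Pattern the review asks for: '?' placeholder plus a separate argument."""
    cur = db.execute("DELETE FROM bookmarks WHERE guid = ?", (guid,))
    return cur.rowcount

def remaining(db):
    """Number of rows still in the table."""
    return db.execute("SELECT COUNT(*) FROM bookmarks").fetchone()[0]

def compare(guid):
    """Run both forms on fresh stores; return rows left, or the error name."""
    results = {}
    for name, fn in (("concat", delete_concat), ("bound", delete_bound)):
        db = make_store()
        try:
            fn(db, guid)
            results[name] = remaining(db)
        except sqlite3.Error as exc:
            results[name] = type(exc).__name__
    return results

# Constructed GUID values: well-formed, stray quote, quote that rewrites the clause.
SAMPLES = ["aaaaaaaaaaaa", "aaaa'aaaa", "x' OR '1'='1"]

if __name__ == "__main__":
    for g in SAMPLES:
        print(repr(g), compare(g))
```

With the bound form a GUID containing a quote is compared as an ordinary string and matches nothing, while the concatenated form either fails to parse or deletes rows the caller never named.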
Assignee
Comment 1•13 years ago
Reporter
Comment 2•13 years ago
(In reply to Marina Samuel [:marina] from comment #1)
> Resolved:
> https://github.com/mozilla-services/android-sync/commit/d4010c878568e39290ccc827f96b8c754098569a
Wrong bug? Did you mean Bug 716073?
Assignee
Comment 4•13 years ago
This is still not complete, but I'd like some feedback on it thus far, please :)
Fix:
https://github.com/mozilla-services/android-sync/commit/211af1
Tests:
https://github.com/mozilla-services/test-android-sync/commit/44523
Assignee
Comment 5•13 years ago
Reporter
Comment 6•13 years ago
Is this complete, Marina?
Assignee
Comment 7•13 years ago
Yes
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Updated•13 years ago
Resolution: INVALID → FIXED
Reporter
Updated•13 years ago
Priority: -- → P1
Updated•12 years ago
Product: Mozilla Services → Android Background Services
Updated•7 years ago
Product: Android Background Services → Firefox for Android
Updated•4 years ago
Product: Firefox for Android → Firefox for Android Graveyard