Fixed
Status Update
No update yet.
Comments
jb...@google.com
ap...@google.com
Please include a sample project that reproduces your issue.
il...@google.com
Sample project linked here:
we...@salesforce.com
Project: platform/frameworks/support
Branch: androidx-master-dev
commit e3ae9332249aad7636d3050afb3278ada0199fad
Author: Jeremy Woods <jbwoods@google.com>
Date: Thu Jul 30 15:49:25 2020
Ensure ActivityResult lint works with newer lint versions
Previously the lint rule only worked for version 26.3.0 of lint since it
used API that had been deleted in later versions. We have a problem
where we need to be able to on older versions, but should also support
newer versions.
This changes use reflection to access the APIs from version 26.3.0 and
27.1.0, which means the rule should now work no matter what version of
lint.
Test: added tests for 27.1.0, tested in app for 26.3.0
Bug: 162155191
Change-Id: I732ca50aa629fc8a0c2df4c183f363e4a286c490
M activity/activity-lint/src/main/java/androidx/activity/lint/ActivityResultFragmentVersionDetector.kt
M activity/activity-lint/src/test/java/androidx/activity/lint/ActivityResultFragmentVersionDetectorTest.kt
https://android-review.googlesource.com/1380294
Branch: androidx-master-dev
commit e3ae9332249aad7636d3050afb3278ada0199fad
Author: Jeremy Woods <jbwoods@google.com>
Date: Thu Jul 30 15:49:25 2020
Ensure ActivityResult lint works with newer lint versions
Previously the lint rule only worked for version 26.3.0 of lint since it
used API that had been deleted in later versions. We have a problem
where we need to be able to on older versions, but should also support
newer versions.
This changes use reflection to access the APIs from version 26.3.0 and
27.1.0, which means the rule should now work no matter what version of
lint.
Test: added tests for 27.1.0, tested in app for 26.3.0
Bug: 162155191
Change-Id: I732ca50aa629fc8a0c2df4c183f363e4a286c490
M activity/activity-lint/src/main/java/androidx/activity/lint/ActivityResultFragmentVersionDetector.kt
M activity/activity-lint/src/test/java/androidx/activity/lint/ActivityResultFragmentVersionDetectorTest.kt
Description
Hello, in a security audit we found an instance of insecure Random Number Generator.
File androidx/activity/result/ActivityResultRegistry.java near line 25:
This is the report we got:
Category Cryptography and Insecure Storage
Testing Method Black Box
Tools Used Apktool, dex2jar, jd-gui
Component used: Activity
Version used: 1.8
Devices/Android versions reproduced on: Android api 31.
If this is a bug in the library, we would appreciate if you could attach:
- Sample project to trigger the issue.
- A screenrecord or screenshots showing the issue (if UI related).