[automerger] Patch URI vulnerability in contact photo editing am: ccfd94b965 am: 2fc4d78bfc am: fc6e94648d am: 3ffe76ed9c am: 456f745849 am: 9df22bbe22 am: b96186029f am: 655ad64631 am: acdfb82c89

am: f7a8623a09 Change-Id: I1ccd77636a3383be1bd46cef2c998872250fb6e3
author: Gary Mai <garymai@google.com> 2018-10-30 17:50:30 -0700
committer: android-build-merger <android-build-merger@google.com> 2018-10-30 17:50:30 -0700
commit: dfea2858f5b01a2bff151a396e9e2d0789c498d0 (patch)
tree: 4d5db09a9e16023fcf0c425dc6e81f36d7ad8d14 /tests/src/com
parent: e9245d1721c8d6066523f459a9fbc84da821e6ca (diff)
parent: f7a8623a09a6fe0d38b16fcfd81316f29235480d (diff)
download: Contacts-dfea2858f5b01a2bff151a396e9e2d0789c498d0.tar.gz
1 files changed, 49 insertions, 0 deletions
diff --git a/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java b/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java
new file mode 100644
index 000000000..d17b98c2d
--- /dev/null
+++ b/tests/src/com/android/contacts/util/ContactPhotoUtilsTest.java
@@ -0,0 +1,49 @@
+package com.android.contacts.util;
+
+import android.net.Uri;
+import android.test.AndroidTestCase;
+import android.test.suitebuilder.annotation.SmallTest;
+
+/**
+ * Test cases for {@link ContactPhotoUtils}.
+ *
+ * adb shell am instrument -w -e class com.android.contacts.util.ContactPhotoUtilsTest \
+ *   com.android.contacts.tests/android.test.InstrumentationTestRunner
+ */
+@SmallTest
+public class ContactPhotoUtilsTest extends AndroidTestCase {
+
+  private Uri tempUri;
+
+  @Override
+  protected void setUp() throws Exception {
+    tempUri = ContactPhotoUtils.generateTempImageUri(getContext());
+  }
+
+  protected void tearDown() throws Exception {
+    getContext().getContentResolver().delete(tempUri, null, null);
+  }
+
+  public void testFileUriDataPathFails() {
+    String filePath =
+        "file:///data/data/com.android.contacts/shared_prefs/com.android.contacts.xml";
+
+    assertFalse(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), Uri.parse(filePath), tempUri, false));
+  }
+
+  public void testFileUriCanonicalDataPathFails() {
+    String filePath =
+        "file:///storage/../data/data/com.android.contacts/shared_prefs/com.android.contacts.xml";
+
+    assertFalse(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), Uri.parse(filePath), tempUri, false));
+  }
+
+  public void testContentUriInternalPasses() {
+    Uri internal = ContactPhotoUtils.generateTempImageUri(getContext());
+
+    assertTrue(
+        ContactPhotoUtils.savePhotoFromUriToUri(getContext(), internal, tempUri, true));
+  }
+}
author	Gary Mai <garymai@google.com>	2018-10-30 17:50:30 -0700
committer	android-build-merger <android-build-merger@google.com>	2018-10-30 17:50:30 -0700
commit	dfea2858f5b01a2bff151a396e9e2d0789c498d0 (patch)
tree	4d5db09a9e16023fcf0c425dc6e81f36d7ad8d14 /tests/src/com
parent	e9245d1721c8d6066523f459a9fbc84da821e6ca (diff)
parent	f7a8623a09a6fe0d38b16fcfd81316f29235480d (diff)
download	Contacts-dfea2858f5b01a2bff151a396e9e2d0789c498d0.tar.gz