前言
测试的时候发现一个微博组件导出导致拒绝服务的问题,现测试哪个版本没有这个问题。
代码
代码语言:javascript复制public class LoginActivity extends AppCompatActivity {
private SsoHandler mSsoHandler;
private Oauth2AccessToken mAccessToken;
@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
initWeiBoSDK();
mSsoHandler = new SsoHandler(this);
loginIn();
}
private void initWeiBoSDK() {
AuthInfo mAuthInfo = new AuthInfo(this, "你的appkey", "https://api.weibo.com/oauth2/default.html",
"email,direct_messages_read,direct_messages_write,"
"friendships_groups_read,friendships_groups_write,statuses_to_me_read,"
"follow_app_official_microblog," "invitation_write");
WbSdk.install(this,mAuthInfo);
}
private void loginIn() {
mSsoHandler. authorize(new WbAuthListener());
}
private class WbAuthListener implements com.sina.weibo.sdk.auth.WbAuthListener{
@Override
public void onSuccess(final Oauth2AccessToken token) {
runOnUiThread(new Runnable() {
@Override
public void run() {
mAccessToken = token;
if (mAccessToken.isSessionValid()) {
}
}
});
}
@Override
public void cancel() {
}
@Override
public void onFailure(WbConnectErrorMessage errorMessage) {
}
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (mSsoHandler != null) {
mSsoHandler.authorizeCallBack(requestCode, resultCode, data);
}
}
}
微博sdk本地拒绝服务影响版本
compile 'com.sina.weibo.sdk:core:4.1.0:openDefaultRelease@aar'
现升级到
compile 'com.sina.weibo.sdk:core:4.4.1:openDefaultRelease@aar'
没有这个问题
漏洞证明:
代码语言:javascript复制adb shell am start com.demo.sinaweibosdk_test/com.sina.weibo.sdk.share.WbShareTransActivity
扫描打包后的apk: 存在一处导出
代码语言:javascript复制adb shell am start com.demo.sinaweibosdk_test/com.sina.weibo.sdk.share.WbShareResultActivity
测试后已经不存在崩溃了
CODE
sinaweibosdk_test