微博sdk组件导出测试本地拒绝服务测试

2022-07-16 17:35:34 浏览数 (1)

前言

测试的时候发现一个微博组件导出导致拒绝服务的问题,现测试哪个版本没有这个问题。

代码

代码语言:javascript复制
public class LoginActivity extends AppCompatActivity {

    private SsoHandler mSsoHandler;
    private Oauth2AccessToken mAccessToken;

    @Override
    protected void onCreate(@Nullable Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_login);
        initWeiBoSDK();
        mSsoHandler = new SsoHandler(this);
        loginIn();
    }

    private void initWeiBoSDK() {
        AuthInfo mAuthInfo = new AuthInfo(this, "你的appkey", "https://api.weibo.com/oauth2/default.html",
                "email,direct_messages_read,direct_messages_write,"
                          "friendships_groups_read,friendships_groups_write,statuses_to_me_read,"
                          "follow_app_official_microblog,"   "invitation_write");
        WbSdk.install(this,mAuthInfo);
    }

    private void loginIn() {

        mSsoHandler. authorize(new WbAuthListener());
    }

    private class WbAuthListener implements com.sina.weibo.sdk.auth.WbAuthListener{

        @Override
        public void onSuccess(final Oauth2AccessToken token) {
            runOnUiThread(new Runnable() {
                @Override
                public void run() {
                    mAccessToken = token;
                    if (mAccessToken.isSessionValid()) {

                    }
                }
            });
        }

        @Override
        public void cancel() {

        }

        @Override
        public void onFailure(WbConnectErrorMessage errorMessage) {

        }
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (mSsoHandler != null) {
            mSsoHandler.authorizeCallBack(requestCode, resultCode, data);
        }
    }
}

微博sdk本地拒绝服务影响版本 compile 'com.sina.weibo.sdk:core:4.1.0:openDefaultRelease@aar' 现升级到 compile 'com.sina.weibo.sdk:core:4.4.1:openDefaultRelease@aar' 没有这个问题

漏洞证明:

代码语言:javascript复制
adb shell am start com.demo.sinaweibosdk_test/com.sina.weibo.sdk.share.WbShareTransActivity

扫描打包后的apk: 存在一处导出

代码语言:javascript复制
adb shell am start com.demo.sinaweibosdk_test/com.sina.weibo.sdk.share.WbShareResultActivity

测试后已经不存在崩溃了

CODE

sinaweibosdk_test

0 人点赞