Skip to content
This repository has been archived by the owner on Apr 2, 2024. It is now read-only.

Commit

Permalink
Remediation for Intent Redirection Vulnerability (#4)
Browse files Browse the repository at this point in the history 
* Update build.gradle

* Small refactor

* Update SmsUserConsentPackage.kt

* Add permission to registerReceiver

SmsRetriever.SEND_PERMISSION should be included to remedy Intent Redirection Vulnerability

* guard against null intents
  • Loading branch information
@simonasdev
simonasdev authored Apr 23, 2021
1 parent 30a69da commit 5423dcb
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 26 deletions.
2 changes: 1 addition & 1 deletion android/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,5 +128,5 @@ dependencies {
api 'com.facebook.react:react-native:+'
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
implementation "com.google.android.gms:play-services-auth:17.0.0"
implementation "com.google.android.gms:play-services-auth-api-phone:17.1.0"
implementation "com.google.android.gms:play-services-auth-api-phone:17.4.0"
}
12 changes: 4 additions & 8 deletions android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsRetrieveBroadcastReceiver.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,21 +10,17 @@ import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.Status;



class SmsRetrieveBroadcastReceiver(currentActivity: Activity?): BroadcastReceiver() {


val SMS_CONSENT_REQUEST = 1244

private var activity: Activity? = currentActivity

override fun onReceive(context: Context?, intent: Intent) {
if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.action)) {
val extras = intent.extras
val extras = intent.extras
if (SmsRetriever.SMS_RETRIEVED_ACTION == intent.action && extras != null) {
val smsRetrieverStatus: Status = extras[SmsRetriever.EXTRA_STATUS] as Status
val statusCode: Int = smsRetrieverStatus.getStatusCode()
when (statusCode) {

when (smsRetrieverStatus.statusCode) {
CommonStatusCodes.SUCCESS -> // Get consent intent
try {
val consentIntent = extras.getParcelable<Intent>(SmsRetriever.EXTRA_CONSENT_INTENT)
Expand Down
23 changes: 9 additions & 14 deletions android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,30 +36,25 @@ class SmsUserConsentModule(reactContext: ReactApplicationContext) : ReactContext
this.promise = promise
if (reactContext?.currentActivity != null) {
val task: Task<Void> = SmsRetriever.getClient(reactContext.currentActivity!!).startSmsUserConsent(null)
task.addOnSuccessListener(object : OnSuccessListener<Void?> {
override fun onSuccess(aVoid: Void?) {
// successfully started an SMS Retriever for one SMS message
registerReceiver()
}
})
task.addOnFailureListener(object : OnFailureListener {
override fun onFailure(e: Exception) {
promise.reject(E_OTP_ERROR, e)
}
})

task.addOnSuccessListener { // successfully started an SMS Retriever for one SMS message
registerReceiver()
}
task.addOnFailureListener { e -> promise.reject(E_OTP_ERROR, e) }
}
}

@ReactMethod
fun removeOTPListener() {
unregisterReceiver()
promise = null
}

private fun registerReceiver() {
if (reactContext?.currentActivity != null) {
receiver = SmsRetrieveBroadcastReceiver(reactContext.currentActivity)
val intentFilter = IntentFilter(SmsRetriever.SMS_RETRIEVED_ACTION)
reactContext.currentActivity?.registerReceiver(receiver, intentFilter)
reactContext.currentActivity?.registerReceiver(receiver, intentFilter, SmsRetriever.SEND_PERMISSION, null)
}
}

Expand All @@ -75,9 +70,9 @@ class SmsUserConsentModule(reactContext: ReactApplicationContext) : ReactContext
when (requestCode) {
SMS_CONSENT_REQUEST -> {
unregisterReceiver()
if (resultCode == RESULT_OK) {
if (resultCode == RESULT_OK && intent != null) {
// Get SMS message content
val message = intent?.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE)
val message = intent.getStringExtra(SmsRetriever.EXTRA_SMS_MESSAGE)
val map = Arguments.createMap()
map.putString(RECEIVED_OTP_PROPERTY, message)
promise?.resolve(map)
Expand Down
4 changes: 1 addition & 3 deletions android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentPackage.kt
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
package ua.kyivstar.reactnativesmsuserconsent

import java.util.Arrays

import com.facebook.react.ReactPackage
import com.facebook.react.bridge.NativeModule
import com.facebook.react.bridge.ReactApplicationContext
import com.facebook.react.uimanager.ViewManager

class SmsUserConsentPackage : ReactPackage {
override fun createNativeModules(reactContext: ReactApplicationContext): List<NativeModule> {
return Arrays.asList<NativeModule>(SmsUserConsentModule(reactContext))
return listOf<NativeModule>(SmsUserConsentModule(reactContext))
}

override fun createViewManagers(reactContext: ReactApplicationContext): List<ViewManager<*, *>> {
Expand Down

0 comments on commit 5423dcb

Please sign in to comment.