Merge pull request #312 in MOBILE-SDK/app_mobile-sdk-android from MS-3958-HotFix to master

Kowshickkarthick Subramanian · Kowshickkarthick Subramanian · commit 0c816a5b60f9 · 2019-08-12T19:45:51.000Z
* commit '917a1224c42dd94e8771153c7f943b95372b224a':
  MS-3958 HotFix
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,3 +1,7 @@
+## 5.5.1
+### Bug Fixes/Improvements
++ MS-3958: Added Security check to see if it's a valid HTTP URL before loading it.
+
 ## 5.5
 ### New Features
 + MS-3778: Added new API to get Video Orientation for BannerVideo and Video Ads
diff --git a/sdk/build.gradle b/sdk/build.gradle
@@ -1,5 +1,5 @@
 // Project properties
-version = "5.5"
+version = "5.5.1"
 group='com.appnexus.opensdk'
 
 // Android build
@@ -9,7 +9,7 @@ android {
     compileSdkVersion 28
     buildToolsVersion '29.0.0'
     defaultConfig {
-        versionCode 58 // An integer value that represents the version of the code, relative to other versions. Increase for each release.
+        versionCode 59 // An integer value that represents the version of the code, relative to other versions. Increase for each release.
         versionName version
         consumerProguardFiles 'proguard-project.txt'
         minSdkVersion 9
diff --git a/sdk/src/com/appnexus/opensdk/AdWebView.java b/sdk/src/com/appnexus/opensdk/AdWebView.java
@@ -35,6 +35,7 @@
 import android.os.Handler;
 import android.util.DisplayMetrics;
 import android.util.Pair;
+import android.util.Patterns;
 import android.view.Gravity;
 import android.view.MotionEvent;
 import android.view.View;
@@ -73,6 +74,9 @@
 import java.io.Reader;
 import java.io.StringWriter;
 import java.io.Writer;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.util.Date;
 import java.util.HashMap;
 
@@ -559,6 +563,16 @@ private boolean openNativeIntent(String url) {
         }
     }
 
+    private boolean isValidUrl(String url) {
+        try {
+            new URL(url).toURI();
+            return Patterns.WEB_URL.matcher(url).matches();
+        } catch (MalformedURLException | URISyntaxException e) {
+            e.printStackTrace();
+            return false;
+        }
+    }
+
     // returns success or failure
     private boolean checkForApp(String url) {
         if (url.contains("://play.google.com") || (!url.startsWith("http") && !url.startsWith("about:blank"))) {
@@ -605,6 +619,12 @@ void loadURLInCorrectBrowser(String url) {
                 return;
             }
 
+
+            //If it's an invalid http url return without loading it.
+            if (!isValidUrl(url)) {
+                return;
+            }
+
             try {
 
                 final WebView out;
diff --git a/sdk/src/com/appnexus/opensdk/utils/Settings.java b/sdk/src/com/appnexus/opensdk/utils/Settings.java
@@ -45,7 +45,7 @@ public class Settings {
     public boolean debug_mode = false; // This should always be false here.
     public String ua = null;
 
-    public final String sdkVersion = "5.5";
+    public final String sdkVersion = "5.5.1";
 
     public String mcc;
     public String mnc;
