微博sdk组件导出测试本地拒绝服务测试
微博sdk组件导出测试本地拒绝服务测试
tea9
发布于 2022-07-16 09:35:34
发布于 2022-07-16 09:35:34
代码可运行
运行总次数:0
代码可运行
前言
测试的时候发现一个微博组件导出导致拒绝服务的问题,现测试哪个版本没有这个问题。
代码
public class LoginActivity extends AppCompatActivity {
private SsoHandler mSsoHandler;
private Oauth2AccessToken mAccessToken;
@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
initWeiBoSDK();
mSsoHandler = new SsoHandler(this);
loginIn();
}
private void initWeiBoSDK() {
AuthInfo mAuthInfo = new AuthInfo(this, "你的appkey", "https://api.weibo.com/oauth2/default.html",
"email,direct_messages_read,direct_messages_write,"
+ "friendships_groups_read,friendships_groups_write,statuses_to_me_read,"
+ "follow_app_official_microblog," + "invitation_write");
WbSdk.install(this,mAuthInfo);
}
private void loginIn() {
mSsoHandler. authorize(new WbAuthListener());
}
private class WbAuthListener implements com.sina.weibo.sdk.auth.WbAuthListener{
@Override
public void onSuccess(final Oauth2AccessToken token) {
runOnUiThread(new Runnable() {
@Override
public void run() {
mAccessToken = token;
if (mAccessToken.isSessionValid()) {
}
}
});
}
@Override
public void cancel() {
}
@Override
public void onFailure(WbConnectErrorMessage errorMessage) {
}
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (mSsoHandler != null) {
mSsoHandler.authorizeCallBack(requestCode, resultCode, data);
}
}
}微博sdk本地拒绝服务影响版本
compile 'com.sina.weibo.sdk:core:4.1.0:openDefaultRelease@aar'
现升级到
compile 'com.sina.weibo.sdk:core:4.4.1:openDefaultRelease@aar' 没有这个问题
漏洞证明:
adb shell am start com.demo.sinaweibosdk_test/com.sina.weibo.sdk.share.WbShareTransActivity
扫描打包后的apk: 存在一处导出
adb shell am start com.demo.sinaweibosdk_test/com.sina.weibo.sdk.share.WbShareResultActivity测试后已经不存在崩溃了
CODE
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
腾讯云开发者
