.2) $QGURLG m T e4 y U ¥ b - v
34
Copyright © 2012 JPCERT/CC All rights reserved. KOF 2012 Androidセキュアコーディング のツボ 20121110 熊 裕志 [email protected] 1
Transcript of .2) $QGURLG m T e4 y U ¥ b - v
AndroidKOF 2012
Android
Copyright © 2012 JPCERT/CC All rights reserved.
JPCERT/CC
Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.
Copyright © 2012 JPCERT/CC All rights reserved.
JPCERT/CC
JPCERT/CC
Android
Copyright © 2012 JPCERT/CC All rights reserved.
http://codezine.jp/article/detail/6495
DB
• SQLiteDatabase#openOrCreateDatabase
• Context#openOrCreateDatabase
SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(new File( "/data/data/" + getContext().getPackageName() + "/databases/", DATABASE), null);
final String sql = "" + "CREATE TABLE IF NOT EXISTS `items`(" + " `_id` INTEGER PRIMARY KEY AUTOINCREMENT," + " `title` VARCHAR(255), `description` TEXT," + " `level` INTEGER, `identifier` TEXT, `link` TEXT," + " `datetime` VARCHAR(255), `created_at` INTEGER" + ")";
db.execSQL(sql); db.close();
SampleContentProvider.java
DB
•
• DB644
Copyright © 2012 JPCERT/CC All rights reserved. 14
Context#openOrCreateDatabase
SQLiteOpenHelper
• SQLiteOpenHelper
Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.
Copyright © 2012 JPCERT/CC All rights reserved.
WebView?
http://codezine.jp/article/detail/6618
file
HTML
xmlhttp.open( 'GET', 'file:///data/data/xxxxxxxx/databases/webview.db', false); xmlhttp.send(null); var ret = xmlhttp.responseText;
file
final String url = getIntent().getStringExtra("url");
API Level 16(Android 4.1)
file
WebView#addJavascriptInterface
addJavascriptInterface
JsObject.java
WebViewActivity.java
addJavascriptInterface
document.write(p.toString()); document.write("<br />"); document.write(s.substr(0, 100)); document.write("<br />"); for (var x = 0; x < l.size(); x++) { document.write("<br />"); document.write(l.get(x)); } document.write("<br />");
Context
Context
@goroh_kun http://ierae.co.jp/uploads/webview.pdf
addJavascriptInterface
addJavascriptInterface
1
2
Java CERT/ Oracle https://www.jpcert.or.jp/java-rules/
Android Security
Android
Copyright © 2012 JPCERT/CC All rights reserved.
JPCERT/CC
Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.
Copyright © 2012 JPCERT/CC All rights reserved.
JPCERT/CC
JPCERT/CC
Android
Copyright © 2012 JPCERT/CC All rights reserved.
http://codezine.jp/article/detail/6495
DB
• SQLiteDatabase#openOrCreateDatabase
• Context#openOrCreateDatabase
SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(new File( "/data/data/" + getContext().getPackageName() + "/databases/", DATABASE), null);
final String sql = "" + "CREATE TABLE IF NOT EXISTS `items`(" + " `_id` INTEGER PRIMARY KEY AUTOINCREMENT," + " `title` VARCHAR(255), `description` TEXT," + " `level` INTEGER, `identifier` TEXT, `link` TEXT," + " `datetime` VARCHAR(255), `created_at` INTEGER" + ")";
db.execSQL(sql); db.close();
SampleContentProvider.java
DB
•
• DB644
Copyright © 2012 JPCERT/CC All rights reserved. 14
Context#openOrCreateDatabase
SQLiteOpenHelper
• SQLiteOpenHelper
Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.
Copyright © 2012 JPCERT/CC All rights reserved.
WebView?
http://codezine.jp/article/detail/6618
file
HTML
xmlhttp.open( 'GET', 'file:///data/data/xxxxxxxx/databases/webview.db', false); xmlhttp.send(null); var ret = xmlhttp.responseText;
file
final String url = getIntent().getStringExtra("url");
API Level 16(Android 4.1)
file
WebView#addJavascriptInterface
addJavascriptInterface
JsObject.java
WebViewActivity.java
addJavascriptInterface
document.write(p.toString()); document.write("<br />"); document.write(s.substr(0, 100)); document.write("<br />"); for (var x = 0; x < l.size(); x++) { document.write("<br />"); document.write(l.get(x)); } document.write("<br />");
Context
Context
@goroh_kun http://ierae.co.jp/uploads/webview.pdf
addJavascriptInterface
addJavascriptInterface
1
2
Java CERT/ Oracle https://www.jpcert.or.jp/java-rules/
Android Security