authorTim Yu <yunicorn@google.com>2023-11-28 18:36:18 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2023-11-28 18:36:18 +0000
commite94b0a7fa6e1aca04b8ccbf15eea6f1099c07916 (patch)
tree0b9eddb9ce0fa11eb1c377a9117c9f865fba6be7
parentbe2061f22302fe3d2d0aa3524a1d0e427f8c0501 (diff)
parent758c857456f6126b1080f63707f55b6484f925c3 (diff)
downloadcts-e94b0a7fa6e1aca04b8ccbf15eea6f1099c07916.tar.gz
Merge "[RESTRICT AUTOMERGE] Autofill add STS tests to guard against RemoteView spills" into udc-dev
-rw-r--r--tests/autofillservice/src/android/autofillservice/cts/saveui/CustomDescriptionTest.java59
1 files changed, 59 insertions, 0 deletions
diff --git a/tests/autofillservice/src/android/autofillservice/cts/saveui/CustomDescriptionTest.java b/tests/autofillservice/src/android/autofillservice/cts/saveui/CustomDescriptionTest.java
index d1fe8325175..4bab2f3381d 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/saveui/CustomDescriptionTest.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/saveui/CustomDescriptionTest.java
@@ -30,7 +30,9 @@ import android.autofillservice.cts.activities.LoginActivity;
import android.autofillservice.cts.commontests.AbstractLoginActivityTestCase;
import android.autofillservice.cts.testcore.CannedFillResponse;
import android.autofillservice.cts.testcore.Visitor;
+import android.graphics.drawable.Icon;
import android.platform.test.annotations.AppModeFull;
+import android.platform.test.annotations.AsbSecurityTest;
import android.service.autofill.BatchUpdates;
import android.service.autofill.CharSequenceTransformation;
import android.service.autofill.CustomDescription;
@@ -98,6 +100,63 @@ public class CustomDescriptionTest extends AbstractLoginActivityTestCase {
}
@Test
+ @AsbSecurityTest(cveBugId = 286235483)
+ public void testRemoteViewsDoNotSpill() throws Exception {
+ enableService();
+ final RemoteViews regularPresentation = newTemplate(R.layout.two_horizontal_text_fields);
+ RemoteViews badPresentation = newTemplate(R.layout.two_horizontal_text_fields);
+ // Try to access a resource that is not owned by the user
+ // In this case, the URI doesn't exist
+ badPresentation.setImageViewIcon(
+ R.id.icon,
+ Icon.createWithContentUri("content://10@com.android.contacts/display_photo/1"));
+ badPresentation.setTextViewText(R.id.first, "do not display");
+
+ sReplier.addResponse(
+ new CannedFillResponse.Builder()
+ .setRequiredSavableIds(SAVE_DATA_TYPE_GENERIC, ID_USERNAME)
+ .setSaveInfoVisitor(
+ (contexts, builder) -> {
+ final AutofillId usernameId =
+ findAutofillIdByResourceId(
+ contexts.get(0), ID_USERNAME);
+
+ // Validator for sanitization
+ final Validator validCondition =
+ new RegexValidator(
+ usernameId, Pattern.compile("hello"));
+ final CustomDescription customDescription =
+ new CustomDescription.Builder(regularPresentation)
+ .batchUpdate(
+ validCondition,
+ new BatchUpdates.Builder()
+ .updateTemplate(badPresentation)
+ .build())
+ .build();
+
+ builder.addSanitizer(
+ new TextValueSanitizer(
+ Pattern.compile("world"), "hello"),
+ usernameId)
+ .setCustomDescription(customDescription);
+ })
+ .build());
+
+ // Trigger autofill with custom description
+ mActivity.onPassword(View::requestFocus);
+
+ // Wait for onFill() before proceeding.
+ sReplier.getNextFillRequest();
+
+ // Trigger save.
+ mActivity.onUsername((v) -> v.setText("world"));
+ mActivity.onPassword((v) -> v.setText(LoginActivity.BACKDOOR_PASSWORD_SUBSTRING));
+ mActivity.tapLogin();
+
+ mUiBot.assertSaveNotShowing(1);
+ }
+
+ @Test
public void testSanitizationBeforeBatchUpdates() throws Exception {
enableService();