Merge pull request #145 from Countly/push-fixes
Push Security: Added white list package and class names
ArtursKadikis committed Sep 5, 2022
2 parents 88741d4 + 8b194a4 commit 27f88f1
Showing 9 changed files with 215 additions and 47 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,8 @@
## 22.02.3
* Added CountlyConfigPush object which is used during CountlyPush init.
* Added a way to add allowed package names for push notification intent security.
* Added a way to add allowed class names for push notification intent security.

## 22.02.2
* Added ability to record direct requests.

Expand Up @@ -13,6 +13,9 @@
import ly.count.android.sdk.Countly;
import ly.count.android.sdk.CountlyConfig;
import ly.count.android.sdk.DeviceIdType;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

@SuppressWarnings("UnusedParameters")
public class ActivityExampleOthers extends AppCompatActivity {
Expand Down Expand Up @@ -56,7 +59,44 @@ public void onAddDirectRequestClick(View v) {
requestMap.put("city", "Istanbul");
requestMap.put("country_code", "TR");
requestMap.put("ip_address", "41.0082,28.9784");
requestMap.put("events", "[{\"key\":\"test\",\"count\":201,\"sum\":2010,\"dur\":2010,\"segmentation\":{\"trickplay\":[{\"type\":\"FF\",\"start_time\":123456789,\"end_time\":123456789},{\"type\":\"skip\",\"start_time\":123456789,\"end_time\":123456789},{\"type\":\"resume_play\",\"start_time\":123456789,\"end_time\":123456789}]}}]");

try {
JSONObject event = new JSONObject();
event.putOpt("key", "test");
event.putOpt("count", "201");
event.putOpt("sum", "2010");
event.putOpt("dur", "2010");

JSONObject ffJson = new JSONObject();
ffJson.putOpt("type", "FF");
ffJson.putOpt("start_time", 123456789);
ffJson.putOpt("end_time", 123456789);

JSONObject skipJson = new JSONObject();
skipJson.putOpt("type", "skip");
skipJson.putOpt("start_time", 123456789);
skipJson.putOpt("end_time", 123456789);

JSONObject resumeJson = new JSONObject();
resumeJson.putOpt("type", "resume_play");
resumeJson.putOpt("start_time", 123456789);
resumeJson.putOpt("end_time", 123456789);

JSONArray trickPlay = new JSONArray();
trickPlay.put(ffJson);
trickPlay.put(skipJson);
trickPlay.put(resumeJson);

JSONObject segmentation = new JSONObject();
segmentation.putOpt("trickplay", trickPlay);
event.putOpt("segmentation", segmentation);

JSONArray events = new JSONArray();
events.put(event);
requestMap.put("events",events.toString());
} catch (JSONException e) {
e.printStackTrace();
}
Countly.sharedInstance().requestQueue().addDirectRequest(requestMap);
}
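Review bot: `count`, `sum` and `dur` are now written as JSON strings (`event.putOpt("count", "201");` and the two lines after it), while the string literal shown just above the `try` carried them as numbers (`"count":201,"sum":2010,"dur":2010`). If the server expects numeric fields, pass numbers as the nested timestamps already do: `event.putOpt("count", 201);`, `event.putOpt("sum", 2010);`, `event.putOpt("dur", 2010);`. The `catch (JSONException e)` branch only calls `e.printStackTrace()`, so on failure the request is still queued without an `events` entry; a short comment saying that this is intended, or an early `return`, would make the demo's behaviour explicit.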

17 changes: 15 additions & 2 deletions app/src/main/java/ly/count/android/demo/App.java
Expand Up @@ -20,7 +20,9 @@
import com.google.android.gms.tasks.Task;

import com.google.firebase.messaging.FirebaseMessaging;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import ly.count.android.sdk.Countly;
Expand All @@ -29,6 +31,7 @@
import ly.count.android.sdk.DeviceIdType;
import ly.count.android.sdk.ModuleLog;
import ly.count.android.sdk.RemoteConfigCallback;
import ly.count.android.sdk.messaging.CountlyConfigPush;
import ly.count.android.sdk.messaging.CountlyPush;

import static ly.count.android.sdk.Countly.TAG;
Expand Down Expand Up @@ -214,8 +217,18 @@ public void callback(String error) {
Countly.sharedInstance().init(config);
//Log.i(demoTag, "After calling init. This should return 'true', the value is:" + Countly.sharedInstance().isInitialized());

CountlyPush.useAdditionalIntentRedirectionChecks = false;
CountlyPush.init(this, Countly.CountlyMessagingMode.PRODUCTION, Countly.CountlyMessagingProvider.FCM);
List<String> allowedClassNames = new ArrayList<>();
allowedClassNames.add("MainActivity");
List<String> allowedPackageNames = new ArrayList<>();
allowedPackageNames.add(getPackageName());

CountlyConfigPush countlyConfigPush = new CountlyConfigPush(this, Countly.CountlyMessagingMode.PRODUCTION)
.setProvider(Countly.CountlyMessagingProvider.FCM)
.setAllowedIntentClassNames(allowedClassNames)
.setAllowedIntentPackageNames(allowedPackageNames);

CountlyPush.useAdditionalIntentRedirectionChecks = true;
CountlyPush.init(countlyConfigPush);
CountlyPush.setNotificationAccentColor(255, 213, 89, 134);

FirebaseMessaging.getInstance().getToken()
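Review bot: The allow-list entry `allowedClassNames.add("MainActivity");` is a bare simple name, and nothing in this hunk says whether the SDK matches intent targets by simple or fully-qualified class name. The matching code is not visible on this page, so this is a question rather than a finding, but integrators copy this demo and an entry in the wrong format would either reject legitimate push intents or make the check looser than intended. A comment above the list would settle it, e.g. `// Activities that push-notification intents may open; names must use the form the SDK compares against`. It would also help to say why `useAdditionalIntentRedirectionChecks` goes from `false` to `true` here, presumably because the allow-lists only take effect when it is on. The `getToken()` call chain continues outside the hunk.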
2 changes: 1 addition & 1 deletion gradle.properties
Expand Up @@ -22,7 +22,7 @@ android.useAndroidX=true
android.enableJetifier=true

# RELEASE FIELD SECTION
VERSION_NAME=22.02.2
VERSION_NAME=22.02.3
GROUP=ly.count.android

POM_URL=https://github.com/Countly/countly-sdk-android
Expand Up @@ -501,7 +501,7 @@ public void testPrepareCommonRequest() {
break;
case "sdk_version":
if (a == 0) {
Assert.assertTrue(pair[1].equals("22.02.2"));
Assert.assertTrue(pair[1].equals("22.02.3"));
} else if (a == 1) {
Assert.assertTrue(pair[1].equals("123sdf.v-213"));
}
2 changes: 1 addition & 1 deletion sdk/src/main/java/ly/count/android/sdk/Countly.java
Expand Up @@ -43,7 +43,7 @@ of this software and associated documentation files (the "Software"), to deal
*/
public class Countly {

private final String DEFAULT_COUNTLY_SDK_VERSION_STRING = "22.02.2";
private final String DEFAULT_COUNTLY_SDK_VERSION_STRING = "22.02.3";

/**
* Used as request meta data on every request
@@ -0,0 +1,55 @@
package ly.count.android.sdk.messaging;

import android.app.Application;
import androidx.annotation.NonNull;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import ly.count.android.sdk.Countly;

public class CountlyConfigPush {
Application application;
Countly.CountlyMessagingMode mode;
Countly.CountlyMessagingProvider provider;
Set<String> allowedIntentClassNames = new HashSet<>();
Set<String> allowedIntentPackageNames = new HashSet<>();

public CountlyConfigPush(final Application application, Countly.CountlyMessagingMode mode) {
this.application = application;
this.mode = mode;
}

/**
* set preferred push provider
*
* @param provider
* @return Returns the same push config object for convenient linking
*/
public synchronized CountlyConfigPush setProvider(Countly.CountlyMessagingProvider provider) {
this.provider = provider;
return this;
}

/**
* set allowed intent class names
*
* @param allowedIntentClassNames
* @return Returns the same push config object for convenient linking
*/

public synchronized CountlyConfigPush setAllowedIntentClassNames(@NonNull List<String> allowedIntentClassNames) {
this.allowedIntentClassNames = new HashSet<>(allowedIntentClassNames);
return this;
}

/**
* set allowed intent package names
*
* @param allowedIntentPackageNames
* @return Returns the same push config object for convenient linking
*/
public synchronized CountlyConfigPush setAllowedIntentPackageNames(@NonNull List<String> allowedIntentPackageNames) {
this.allowedIntentPackageNames = new HashSet<>(allowedIntentPackageNames);
return this;
}
}
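Review bot: The Javadoc for `setAllowedIntentClassNames` and `setAllowedIntentPackageNames` leaves `@param` empty and does not say what the default empty set means for the intent check (nothing allowed, or check skipped), nor that each call replaces the previous list instead of adding to it. For a security control that ambiguity matters; I would spell it out, e.g. `@param allowedIntentPackageNames package names that intents from push payloads may target; replaces any list set earlier`, plus one sentence on the empty-set behaviour taken from the code that consumes these sets, which is not shown on this page. Separately, `@NonNull` is only advisory, so a null argument fails inside `new HashSet<>(...)` with an unexplained NullPointerException; an explicit check with a message, or treating null as an empty list, would be clearer. The five fields are package-private and non-final, so declaring them `private` with package-level accessors would keep the configured sets from being reassigned outside the builder.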