fix: PRODUCT-20664 protection against malicious intent (#40)

RampNetwork · Jul 25, 2024 · 3c47643 · 3c47643
2 parents 9521e24 + 5f7394a
commit 3c47643
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 13 deletions.
diff --git a/rampsdk/build.gradle b/rampsdk/build.gradle
@@ -22,8 +22,8 @@ android {
     defaultConfig {
         minSdkVersion 21
         targetSdkVersion 32
-        versionCode 19
-        versionName "4.0.0"
+        versionCode 20
+        versionName "4.0.1"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
         consumerProguardFiles 'consumer-rules.pro'
         buildConfigField 'String', 'VERSION',  "\"${defaultConfig.versionName}\""
@@ -84,7 +84,7 @@ afterEvaluate {
                 from components.release
                 groupId = 'com.github.RampNetwork'
                 artifactId = 'ramp-sdk-android'
-                version = '4.0.0'
+                version = '4.0.1'
             }
         }
     }

diff --git a/rampsdk/src/main/java/network/ramp/sdk/ui/activity/RampWidgetActivity.kt b/rampsdk/src/main/java/network/ramp/sdk/ui/activity/RampWidgetActivity.kt
@@ -1,7 +1,6 @@
 package network.ramp.sdk.ui.activity
 
 
-import android.app.Activity
 import android.content.Intent
 import android.content.pm.PackageManager
 import android.net.Uri
@@ -65,15 +64,18 @@ internal class RampWidgetActivity : AppCompatActivity(), Contract.View {
             jsInterface = jsInterface,
             fileChooserLauncher = fileChooserLauncher
         ) { filePathCallback = it }
-        intent.extras?.getParcelable<Config>(CONFIG_EXTRA)?.let {
-            config = it
-        } ?: returnOnError("Config object cannot be null")
-
-        if (savedInstanceState == null) {
-            Timber.d(rampPresenter.buildUrl(config))
-            securityCheck(intent)?.let {
-                binding.webView.loadUrl(it)
-            } ?: close()
+        try {
+            intent.extras?.getParcelable<Config>(CONFIG_EXTRA)?.let {
+                config = it
+            } ?: returnOnError("Config object cannot be null")
+            if (savedInstanceState == null) {
+                Timber.d(rampPresenter.buildUrl(config))
+                securityCheck(intent)?.let {
+                    binding.webView.loadUrl(it)
+                } ?: close()
+            }
+        } catch (ex: Exception) {
+            returnOnError(ex.message ?: "Exception during retrieving intent data")
         }
     }