Merge changes from topic "jp-oreo-mr1" into oreo-mr1-cts-dev

* changes: RESTRICT AUTOMERGE (CTS) Do not linkify text with RLO/LRO characters. RESTRICT AUTOMERGE Add CTS test for Magellan SQLite Security Vulnerability.
author: Treehugger Robot <treehugger-gerrit@google.com> 2019-03-15 20:19:03 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2019-03-15 20:19:03 +0000
commit: ff34c0af655fea053fb2a111669f716a818cb316 (patch)
tree: 9d55e2a8df4acf668e6b26fc693a131953d7e5e8
parent: abf956069bed685ca58fe8e54599a78212f57d42 (diff)
parent: 368b8f1d4b4a2515d445975af551917e77e5fa3b (diff)
download: platform_cts-ff34c0af655fea053fb2a111669f716a818cb316.tar.gz
platform_cts-ff34c0af655fea053fb2a111669f716a818cb316.tar.bz2
platform_cts-ff34c0af655fea053fb2a111669f716a818cb316.zip
2 files changed, 163 insertions, 0 deletions
diff --git a/tests/tests/database/src/android/database/sqlite/cts/SQLiteSecurityTest.java b/tests/tests/database/src/android/database/sqlite/cts/SQLiteSecurityTest.java
new file mode 100644
index 00000000000..c34a5f53ae9
--- /dev/null
+++ b/tests/tests/database/src/android/database/sqlite/cts/SQLiteSecurityTest.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.database.sqlite.cts;
+
+
+import android.content.Context;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteDatabaseCorruptException;
+import android.test.AndroidTestCase;
+
+/**
+ * This CTS test verifies Magellan SQLite Security Vulnerability.
+ * Without the fix, the last statement in each test case triggers a segmentation fault and the test
+ * fails.
+ * With the fix, the last statement in each test case triggers SQLiteDatabaseCorruptException with
+ * message "database disk image is malformed (code 267 SQLITE_CORRUPT_VTAB)", this is expected
+ * behavior that we are crashing and we are not leaking data.
+ */
+public class SQLiteSecurityTest extends AndroidTestCase {
+    private static final String DATABASE_NAME = "database_test.db";
+
+    private SQLiteDatabase mDatabase;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        getContext().deleteDatabase(DATABASE_NAME);
+        mDatabase = getContext().openOrCreateDatabase(DATABASE_NAME, Context.MODE_PRIVATE,
+              null);
+        assertNotNull(mDatabase);
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        mDatabase.close();
+        getContext().deleteDatabase(DATABASE_NAME);
+
+        super.tearDown();
+    }
+
+    public void testScript1() {
+        mDatabase.beginTransaction();
+        mDatabase.execSQL("CREATE VIRTUAL TABLE ft USING fts3;");
+        mDatabase.execSQL("INSERT INTO ft_content VALUES(1,'aback');");
+        mDatabase.execSQL("INSERT INTO ft_content VALUES(2,'abaft');");
+        mDatabase.execSQL("INSERT INTO ft_content VALUES(3,'abandon');");
+        mDatabase.execSQL("INSERT INTO ft_segdir VALUES(0,0,0,0,'0 29',X"
+            + "'0005616261636b03010200ffffffff070266740302020003046e646f6e03030200');");
+        mDatabase.setTransactionSuccessful();
+        mDatabase.endTransaction();
+        try {
+            mDatabase.execSQL("SELECT * FROM ft WHERE ft MATCH 'abandon';");
+        } catch (SQLiteDatabaseCorruptException e) {
+            return;
+        }
+        fail("Expecting a SQLiteDatabaseCorruptException");
+    }
+
+    public void testScript2() {
+      mDatabase.beginTransaction();
+      mDatabase.execSQL("CREATE VIRTUAL TABLE ft USING fts3;");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES(1,"
+          + "X'0004616263300301020003013103020200040130030b0200040131030c0200');");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES(2,"
+          + "X'00056162633132030d0200040133030e0200040134030f020004013503100200');");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES(3,"
+          + "X'0005616263313603110200040137031202000401380313020004013903140200');");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES(4,"
+          + "X'00046162633203030200030133030402000301340305020003013503060200');");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES(5,"
+          + "X'000461626336030702000301370308020003013803090200030139030a0200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir "
+          + "VALUES(0,0,1,5,'5 157',X'0101056162633132ffffffff070236030132030136');");
+      mDatabase.setTransactionSuccessful();
+      mDatabase.endTransaction();
+      try {
+          mDatabase.execSQL("SELECT * FROM ft WHERE ft MATCH 'abc20';");
+      } catch (SQLiteDatabaseCorruptException e) {
+          return;
+      }
+      fail("Expecting a SQLiteDatabaseCorruptException");
+    }
+
+    public void testScript3() {
+      mDatabase.beginTransaction();
+      mDatabase.execSQL("CREATE VIRTUAL TABLE ft USING fts4;");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES"
+          + "(1,X'00046162633003010200040178030202000501780303020003013103040200');");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES"
+          + "(2,X'00056162633130031f0200ffffffff07ff5566740302020003046e646f6e03030200');");
+      mDatabase.execSQL("INSERT INTO ft_segments VALUES(384,NULL);");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,0,0,0,'0 24',X'000561626331780305020005017803060200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + " (0,1,0,0,'0 24',X'000461626332030702000401780308020005017803090200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,2,0,0,'0 24',X'000461626333030a0200040178030b0200050178030c0200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES" +
+          "(0,3,0,0,'0 24',X'000461626334030d0200040178030e0200050178030f0200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,4,0,0,'0 24',X'000461626335031002000401780311020005017803120200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,5,0,0,'0 24',X'000461626336031302000401780314020005017803150200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,6,0,0,'0 24',X'000461626337031602000401780317020005017803180200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,7,0,0,'0 24',X'00046162633803190200040178031a0200050178031b0200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,8,0,0,'0 24',X'000461626339031c0200040178031d0200050178031e0200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,9,0,0,'0 25',X'00066162633130780320020006017803210200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+          + "(0,10,0,0,'0 25',X'00056162633131032202000501780323020006017803240200');");
+      mDatabase.execSQL("INSERT INTO ft_segdir VALUES(1,0,1,2,'384 -42',X'0101056162633130');");
+      mDatabase.execSQL("INSERT INTO ft_stat VALUES(1,X'000b');");
+      mDatabase.execSQL("PRAGMA writable_schema=OFF;");
+      mDatabase.setTransactionSuccessful();
+      mDatabase.endTransaction();
+      try {
+          mDatabase.execSQL("INSERT INTO ft(ft) VALUES('merge=1,4');");
+      } catch (SQLiteDatabaseCorruptException e) {
+          return;
+      }
+      fail("Expecting a SQLiteDatabaseCorruptException");
+    }
+}
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/tests/text/src/android/text/util/cts/LinkifyTest.java b/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
index 69956da8b99..e1c4742de0a 100644
--- a/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
+++ b/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
@@ -934,6 +934,17 @@ public class LinkifyTest {
                 domain.length(), email);
     }
 
+    @Test
+    public void testAddLinks_unsupportedCharacters() {
+        String url = "moc.diordna.com";
+        verifyAddLinksWithWebUrlSucceeds(url + " should be linkified", url);
+
+        verifyAddLinksWithWebUrlFails("u202C character should not be linkified", "\u202C" + url);
+        verifyAddLinksWithWebUrlFails("u202D character should not be linkified", url + "\u202D");
+        verifyAddLinksWithWebUrlFails(
+                "u202E character should not be linkified", url + "moc\u202E.diordna.com");
+    }
+
     // Utility functions
     private static void verifyAddLinksWithWebUrlSucceeds(String msg, String url) {
         verifyAddLinksSucceeds(msg, url, Linkify.WEB_URLS);
author	Treehugger Robot <treehugger-gerrit@google.com>	2019-03-15 20:19:03 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2019-03-15 20:19:03 +0000
commit	ff34c0af655fea053fb2a111669f716a818cb316 (patch)
tree	9d55e2a8df4acf668e6b26fc693a131953d7e5e8
parent	abf956069bed685ca58fe8e54599a78212f57d42 (diff)
parent	368b8f1d4b4a2515d445975af551917e77e5fa3b (diff)
download	platform_cts-ff34c0af655fea053fb2a111669f716a818cb316.tar.gz platform_cts-ff34c0af655fea053fb2a111669f716a818cb316.tar.bz2 platform_cts-ff34c0af655fea053fb2a111669f716a818cb316.zip