Merge pull request #258 from OWASP/prerelease

Merging V3.0 Stable Code into Master

MobileShepherd/CProviderLeakage/app/src/main/res/layout/activity_main.xml

@@ -11,6 +11,7 @@
         android:layout_height="wrap_content"
         android:id="@+id/keyEditText"
         android:textColorHint="#FFFFFF"
+        android:textColor='#FFFFFF'
         android:background="@xml/edittext"
         android:layout_alignParentTop="true"
         android:layout_alignParentLeft="true"

MobileShepherd/CProviderLeakage1/.gitignore

@@ -0,0 +1,7 @@
+.gradle
+/local.properties
+/.idea/workspace.xml
+/.idea/libraries
+.DS_Store
+/build
+/captures

MobileShepherd/CProviderLeakage1/app/.gitignore

@@ -0,0 +1 @@
+/build

MobileShepherd/CProviderLeakage1/app/build.gradle

@@ -0,0 +1,25 @@
+apply plugin: 'com.android.application'
+
+android {
+    compileSdkVersion 22
+    buildToolsVersion "22.0.1"
+
+    defaultConfig {
+        applicationId "com.somewhere.hidden"
+        minSdkVersion 15
+        targetSdkVersion 22
+        versionCode 1
+        versionName "1.0"
+    }
+    buildTypes {
+        release {
+            minifyEnabled false
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
+        }
+    }
+}
+
+dependencies {
+    compile fileTree(dir: 'libs', include: ['*.jar'])
+    compile 'com.android.support:appcompat-v7:22.2.0'
+}

MobileShepherd/CProviderLeakage1/app/proguard-rules.pro

@@ -0,0 +1,17 @@
+# Add project specific ProGuard rules here.
+# By default, the flags in this file are appended to flags specified
+# in C:\Users\sean\AppData\Local\Android\sdk/tools/proguard/proguard-android.txt
+# You can edit the include path and order by changing the proguardFiles
+# directive in build.gradle.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# Add any project specific keep options here:
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}

MobileShepherd/CProviderLeakage1/app/src/main/AndroidManifest.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.app.module" >
+
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:theme="@style/AppTheme" >
+        <activity
+            android:name="com.app.module.MainActivity"
+            android:label="@string/app_name" >
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+
+
+        <provider
+            android:name=".mProvider"
+            android:authorities="com.app.module.mProvider"
+            android:exported="true"
+            android:multiprocess="true" >
+        </provider>
+    </application>
+
+</manifest>

MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/MainActivity.java

@@ -0,0 +1,38 @@
+package com.app.module;
+
+import android.content.ContentValues;
+import android.net.Uri;
+import android.os.Bundle;
+import android.support.v7.app.AppCompatActivity;
+import android.view.View;
+import android.widget.EditText;
+import android.widget.Toast;
+
+
+public class MainActivity extends AppCompatActivity {
+
+    EditText keyEditText;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        setContentView(R.layout.activity_main);
+
+        keyEditText = (EditText) findViewById(R.id.keyEditText);
+    }
+
+    public void addKey(View view) {
+
+        String key = keyEditText.getText().toString();
+
+        ContentValues values = new ContentValues();
+        values.put(mProvider.key, key);
+
+        // Provides access to other applications Content Providers
+        Uri uri = getContentResolver().insert(mProvider.CONTENT_URL, values);
+
+        Toast.makeText(getBaseContext(), "New Secret Added", Toast.LENGTH_LONG)
+                .show();
+    }
+
+}

MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java

@@ -0,0 +1,191 @@
+package com.app.module;
+
+import android.content.ContentProvider;
+import android.content.ContentUris;
+import android.content.ContentValues;
+import android.content.Context;
+import android.content.UriMatcher;
+import android.database.Cursor;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteOpenHelper;
+import android.database.sqlite.SQLiteQueryBuilder;
+import android.net.Uri;
+import android.widget.Toast;
+
+import java.util.HashMap;
+
+
+public class mProvider extends ContentProvider {
+
+
+    static final String PROVIDER_NAME = "com.app.module.mProvider";
+
+    static final String URL = "content://" + PROVIDER_NAME + "/data";
+    static final Uri CONTENT_URL = Uri.parse(URL);
+
+    static final String id = "id";
+    static final String key = "key";
+    static final int uriCode = 1;
+
+    private static HashMap<String, String> values;
+
+    // Used to match uris with Content Providers
+    static final UriMatcher uriMatcher;
+
+    private SQLiteDatabase sqlDB;
+    static final String DATABASE_NAME = "hiddenData";
+    static final String TABLE_NAME = "keys";
+    static final int DATABASE_VERSION = 1;
+    static final String CREATE_DB_TABLE = " CREATE TABLE " + TABLE_NAME
+            + " (id INTEGER PRIMARY KEY AUTOINCREMENT, "
+            + " key TEXT NOT NULL);";
+
+
+    static {
+        uriMatcher = new UriMatcher(UriMatcher.NO_MATCH);
+        uriMatcher.addURI(PROVIDER_NAME, "data", uriCode);
+    }
+
+    @Override
+    public boolean onCreate() {
+        DatabaseHelper dbHelper = new DatabaseHelper(getContext());
+        sqlDB = dbHelper.getWritableDatabase();
+        if (sqlDB != null) {
+            return true;
+        }
+        return false;
+    }
+
+    @Override
+    public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
+        // Used to create a SQL query
+        SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
+
+        // Set table to query
+        queryBuilder.setTables(TABLE_NAME);
+
+        // Used to match uris with Content Providers
+        switch (uriMatcher.match(uri)) {
+            case uriCode:
+
+                // A projection map maps from passed column names to database column names
+                queryBuilder.setProjectionMap(values);
+                break;
+            default:
+                throw new IllegalArgumentException("Unknown URI " + uri);
+        }
+
+        // Cursor provides read and write access to the database
+        Cursor cursor = queryBuilder.query(sqlDB, projection, selection, selectionArgs, null,
+                null, sortOrder);
+
+        // Register to watch for URI changes
+        cursor.setNotificationUri(getContext().getContentResolver(), uri);
+        return cursor;
+    }
+
+    // Handles requests for the MIME type (Type of Data) of the data at the URI
+    @Override
+    public String getType(Uri uri) {
+
+        // Used to match uris with Content Providers
+        switch (uriMatcher.match(uri)) {
+
+            case uriCode:
+                return "vnd.android.cursor.dir/data";
+
+            default:
+                throw new IllegalArgumentException("Unsupported URI: " + uri);
+        }
+    }
+
+    // Used to insert a new row into the provider
+    // Receives the URI (Uniform Resource Identifier) for the Content Provider and a set of values
+    @Override
+    public Uri insert(Uri uri, ContentValues values) {
+
+        // Gets the row id after inserting a map with the keys representing the the column
+        // names and their values. The second attribute is used when you try to insert
+        // an empty row
+        long rowID = sqlDB.insert(TABLE_NAME, null, values);
+
+        // Verify a row has been added
+        if (rowID > 0) {
+
+            // Append the given id to the path and return a Builder used to manipulate URI
+            // references
+            Uri _uri = ContentUris.withAppendedId(CONTENT_URL, rowID);
+
+            // getContentResolver provides access to the content model
+            // notifyChange notifies all observers that a row was updated
+            getContext().getContentResolver().notifyChange(_uri, null);
+
+            // Return the Builder used to manipulate the URI
+            return _uri;
+        }
+        Toast.makeText(getContext(), "Row Insert Failed", Toast.LENGTH_LONG).show();
+        return null;
+    }
+
+    // Deletes a row or a selection of rows
+    @Override
+    public int delete(Uri uri, String selection, String[] selectionArgs) {
+        int rowsDeleted = 0;
+
+        // Used to match uris with Content Providers
+        switch (uriMatcher.match(uri)) {
+            case uriCode:
+                rowsDeleted = sqlDB.delete(TABLE_NAME, selection, selectionArgs);
+                break;
+            default:
+                throw new IllegalArgumentException("Unknown URI " + uri);
+        }
+
+        // getContentResolver provides access to the content model
+        // notifyChange notifies all observers that a row was updated
+        getContext().getContentResolver().notifyChange(uri, null);
+        return rowsDeleted;
+    }
+
+    // Used to update a row or a selection of rows
+    // Returns to number of rows updated
+    @Override
+    public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+        int rowsUpdated = 0;
+
+        // Used to match uris with Content Providers
+        switch (uriMatcher.match(uri)) {
+            case uriCode:
+
+                // Update the row or rows of data
+                rowsUpdated = sqlDB.update(TABLE_NAME, values, selection, selectionArgs);
+                break;
+            default:
+                throw new IllegalArgumentException("Unknown URI " + uri);
+        }
+
+        // getContentResolver provides access to the content model
+        // notifyChange notifies all observers that a row was updated
+        getContext().getContentResolver().notifyChange(uri, null);
+        return rowsUpdated;
+    }
+
+    private static class DatabaseHelper extends SQLiteOpenHelper {
+        DatabaseHelper(Context context) {
+            super(context, DATABASE_NAME, null, DATABASE_VERSION);
+        }
+
+        @Override
+        public void onCreate(SQLiteDatabase sqlDB) {
+            sqlDB.execSQL(CREATE_DB_TABLE);
+        }
+
+        // Recreates the table when the database needs to be upgraded
+        @Override
+        public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) {
+            sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);
+            onCreate(sqlDB);
+        }
+
+    }
+}

MobileShepherd/CProviderLeakage1/app/src/main/res/layout/activity_main.xml

@@ -0,0 +1,32 @@
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent"
+    android:layout_height="match_parent" android:paddingLeft="@dimen/activity_horizontal_margin"
+    android:paddingRight="@dimen/activity_horizontal_margin"
+    android:background="@mipmap/background"
+    android:paddingTop="180dp"
+    android:paddingBottom="@dimen/activity_vertical_margin" tools:context=".MainActivity">
+
+    <EditText
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:id="@+id/keyEditText"
+        android:textColorHint="#FFFFFF"
+        android:textColor="#FFFFFF"
+        android:background="@xml/edittext"
+        android:layout_alignParentTop="true"
+        android:layout_alignParentLeft="true"
+        android:layout_alignParentStart="true"
+        android:hint="Add Secret" />
+
+    <Button
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:id="@+id/addContactButton"
+        android:text="Submit Secret"
+        android:background="@xml/button"
+        android:onClick="addKey"
+        android:layout_below="@+id/keyEditText"
+        android:layout_alignParentRight="true"
+        android:layout_alignParentEnd="true" />
+
+</RelativeLayout>

MobileShepherd/CProviderLeakage1/app/src/main/res/menu/menu_main.xml

@@ -0,0 +1,6 @@
+<menu xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
+    xmlns:tools="http://schemas.android.com/tools" tools:context=".MainActivity">
+    <item android:id="@+id/action_settings" android:title="@string/action_settings"
+        android:orderInCategory="100" app:showAsAction="never" />
+</menu>

MobileShepherd/CProviderLeakage1/app/src/main/res/values-w820dp/dimens.xml

@@ -0,0 +1,6 @@
+<resources>
+    <!-- Example customization of dimensions originally defined in res/values/dimens.xml
+         (such as screen margins) for screens with more than 820dp of available width. This
+         would include 7" and 10" devices in landscape (~960dp and ~1280dp respectively). -->
+    <dimen name="activity_horizontal_margin">64dp</dimen>
+</resources>

MobileShepherd/CProviderLeakage1/app/src/main/res/values/dimens.xml

@@ -0,0 +1,5 @@
+<resources>
+    <!-- Default screen margins, per the Android Design guidelines. -->
+    <dimen name="activity_horizontal_margin">16dp</dimen>
+    <dimen name="activity_vertical_margin">16dp</dimen>
+</resources>

MobileShepherd/CProviderLeakage1/app/src/main/res/values/strings.xml

@@ -0,0 +1,5 @@
+<resources>
+    <string name="app_name">CProviderLeakage1</string>
+
+    <string name="action_settings">Settings</string>
+</resources>

MobileShepherd/CProviderLeakage1/app/src/main/res/values/styles.xml

@@ -0,0 +1,8 @@
+<resources>
+
+    <!-- Base application theme. -->
+    <style name="AppTheme" parent="Theme.AppCompat.Light.DarkActionBar">
+        <!-- Customize your theme here. -->
+    </style>
+
+</resources>