Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Network type may not be being verified in method #13

Open
amazuerar opened this issue Aug 15, 2021 · 0 comments
Open

Network type may not be being verified in method #13

amazuerar opened this issue Aug 15, 2021 · 0 comments

Comments

@amazuerar
Copy link

amazuerar commented Aug 15, 2021
edited
Loading

Dear Developer!

My name is Alejandro Mazuera-Rozo, I am a PhD Student at Universidad de los Andes, and at Università della Svizzera italiana. I am part of a research on the usage of network libraries within android apps. As a result of this we identified that there is a missing validation of network type within a method since some network operations are being performed in it. As you might know, a device can have various types of network connections. For the full list of possible network types, see https://developer.android.com/reference/android/net/ConnectivityManager. Therefore it is recommended for the app to identify the type of network available before performing a network operation.

Note: Wi-Fi is typically faster. Also, mobile data is often metered, which can get expensive. A common strategy for apps is to only fetch large data if a Wi-Fi network is available.

In order to address this issue we recommend you to visit:

  1. https://developer.android.com/training/basics/network-ops/managing
  2. https://developer.android.com/training/efficient-downloads/connectivity_patterns

Potential Code Location without Network type validation

hacs/app/src/main/kotlin/io/mainframe/hacs/cashbox/BaseCashboxTask.kt

Lines 75 to 112 in c92d4c7

override fun doInBackground(vararg params: Void?): Void? {
try {
val client = getCaCertSSLClient()
var cookie = auth.cookie
if (cookie == null) {
Logger.debug("No cookie present, do login.")
cookie = login(auth.user, auth.password)
this.createdCookie = cookie
}
client.newCall(buildRequest()).execute().use { response ->
val bodyStr = response.body!!.string()
when (response.code) {
200 -> {
Logger.debug("Got successfully cashbox data.")
this.result = handleSuccess(bodyStr)
}
403 -> {
Logger.debug("Saved Cookie is invalid, do login.")
cookie = login(auth.user, auth.password)
this.createdCookie = cookie
client.newCall(buildRequest()).execute().use { responseRetry ->
val bodyStrRetry = responseRetry.body!!.string()
Logger.debug("Got successfully cashbox data in the second attempt.")
this.result = handleSuccess(bodyStrRetry)
}
}
else -> {
throw UnexpectedResponse("Unexpected code: ${response.code}", bodyStr, response)
}
}
}
} catch (e: Exception) {
Logger.error(e, "Cashbox error: ${e.message}")
exception = e
}

Related issues: #12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amazuerar