Copyright © 2012 JPCERT/CC All rights reserved. KOF 2012: Key Points of Android Secure Coding, 20121110, 熊 裕志 [email protected]
Portions of this page are modifications based on work created and
shared by Google and used according to terms described in the
Creative Commons 3.0 Attribution License.
http://codezine.jp/article/detail/6495
DB
• SQLiteDatabase#openOrCreateDatabase
• Context#openOrCreateDatabase
// Open (or create) the database file directly by its path
SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(
        new File("/data/data/" + getContext().getPackageName() + "/databases/", DATABASE),
        null);
// Create the items table if it does not exist yet
final String sql = ""
        + "CREATE TABLE IF NOT EXISTS `items`("
        + " `_id` INTEGER PRIMARY KEY AUTOINCREMENT,"
        + " `title` VARCHAR(255), `description` TEXT,"
        + " `level` INTEGER, `identifier` TEXT, `link` TEXT,"
        + " `datetime` VARCHAR(255), `created_at` INTEGER"
        + ")";
db.execSQL(sql);
db.close();
SampleContentProvider.java
DB
• DB644
Context#openOrCreateDatabase
SQLiteOpenHelper
• SQLiteOpenHelper
WebView?
http://codezine.jp/article/detail/6618
file
HTML
xmlhttp.open('GET', 'file:///data/data/xxxxxxxx/databases/webview.db', false);
xmlhttp.send(null);
var ret = xmlhttp.responseText;
file
final String url = getIntent().getStringExtra("url");
API Level 16 (Android 4.1)
file
WebView#addJavascriptInterface
addJavascriptInterface
JsObject.java
WebViewActivity.java
addJavascriptInterface
document.write(p.toString());
document.write("<br />");
document.write(s.substr(0, 100));
document.write("<br />");
for (var x = 0; x < l.size(); x++) {
    document.write("<br />");
    document.write(l.get(x));
}
document.write("<br />");
Context
@goroh_kun http://ierae.co.jp/uploads/webview.pdf
addJavascriptInterface
Java CERT/ Oracle
https://www.jpcert.or.jp/java-rules/
Android Security