Skip to content

Instantly share code, notes, and snippets.

@mister11
Created February 27, 2019 16:06
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save mister11/7ff029daae811859f4003814eb19e6ec to your computer and use it in GitHub Desktop.
class ExportedActivityDetector : Detector(), Detector.XmlScanner {
override fun getApplicableAttributes() = listOf("exported")
override fun visitAttribute(context: XmlContext, attribute: Attr) {
if (attribute.isParentActivity() && attribute.value == "true") {
val location = context.getLocation(attribute)
context.report(
issue = ISSUE_EXPORTED_ACTIVITY,
scope = attribute,
message = ISSUE_EXPORTED_ACTIVITY.getBriefDescription(TextFormat.TEXT),
location = location,
quickfixData = quickFix(location)
)
}
}
private fun quickFix(location: Location): LintFix? {
return fix().name("Remove attribute")
.replace()
.range(location)
.all()
.with("")
.reformat(true)
.build()
}
private fun Attr.isParentActivity() = ownerElement?.nodeName == "activity"
}
val ISSUE_EXPORTED_ACTIVITY = Issue.create(
id = "ExportedActivity",
briefDescription = "<activity> is accessible by other applications",
explanation = """
This attribute allows other applications to open the activity which
is probably something you do not want. If you are using intent-filters
they automatically export the activity.
""".trimIndent(),
category = Category.CORRECTNESS,
priority = 7,
severity = Severity.ERROR,
implementation = Implementation(
ExportedActivityDetector::class.java,
Scope.MANIFEST_SCOPE
)
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment