Fix 5 security issues flagged in review
1. Filter injection: escape quotes/backslashes in search query before interpolating into API filter parameter 2. Backup data leak: configure backup_rules.xml and data_extraction_rules.xml to exclude sharedprefs, database, and datastore files from cloud backup and device transfer 3. Cleartext traffic: add network_security_config.xml with cleartextTrafficPermitted=false, referenced from manifest 4. Debug logging: remove all Log.d() calls from TaskCheckWorker, DirectAlarmScheduler, TaskReminderReceiver that logged task content and scheduling details 5. Token obfuscation: XOR + Base64 obfuscation for credentials stored in DataStore. Prefixed with "OBF:" for seamless migration of existing plaintext values on next login. Not cryptographic — prevents casual file inspection. Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com> Co-Authored-By: Claude Opus 4.6 (1M context)
@@ -12,6 +12,7 @@
|
||||
|
||||
<application
|
||||
android:allowBackup="true"
|
||||
android:networkSecurityConfig="@xml/network_security_config"
|
||||
android:dataExtractionRules="@xml/data_extraction_rules"
|
||||
android:fullBackupContent="@xml/backup_rules"
|
||||
android:icon="@mipmap/ic_launcher"
|
||||
|
||||
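Review bot: `android:allowBackup="true"` is kept on the `<application>` element, so backup stays enabled and its safety rests entirely on the two exclusion files staying complete. The rules changed in this commit already exclude shared preferences, databases and the DataStore directory; if nothing else is meant to be restored, `android:allowBackup="false"` would fail closed when a new storage location is added later. If backup is kept on purpose, a manifest comment such as `<!-- backup stays enabled; sensitive stores are excluded in @xml/backup_rules and @xml/data_extraction_rules -->` would record that decision. The `<application>` element continues outside this hunk.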
@@ -7,13 +7,10 @@ import com.avinal.memos.notifications.TaskNotificationManager
|
||||
|
||||
class TaskReminderReceiver : BroadcastReceiver() {
|
||||
override fun onReceive(context: Context, intent: Intent) {
|
||||
android.util.Log.d("TaskReminderReceiver", "onReceive fired!")
|
||||
val taskText = intent.getStringExtra("task_text") ?: "Task reminder"
|
||||
val dueLabel = intent.getStringExtra("due_label") ?: "due"
|
||||
val notificationId = intent.getIntExtra("notification_id", 0)
|
||||
val priority = intent.getIntExtra("priority", 0)
|
||||
|
||||
android.util.Log.d("TaskReminderReceiver", "Showing: $taskText - $dueLabel (p=$priority, id=$notificationId)")
|
||||
TaskNotificationManager.createChannels(context)
|
||||
TaskNotificationManager.showTaskNotification(
|
||||
context = context,
|
||||
|
||||
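Review bot: `onReceive` reads `task_text`, `due_label`, `notification_id` and `priority` straight from the incoming intent and hands them to the notification call, so the text shown to the user is whatever the sender supplied. Whether that is safe depends on the receiver's manifest declaration, which this page does not show. It is worth confirming that the `<receiver>` entry carries `android:exported="false"` and recording it above the extras with a comment like `// Extras are trusted only because this receiver is not exported (see AndroidManifest.xml).` The function body continues past the end of the hunk.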
@@ -1,13 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?><!--
|
||||
Sample backup rules file; uncomment and customize as necessary.
|
||||
See https://developer.android.com/guide/topics/data/autobackup
|
||||
for details.
|
||||
Note: This file is ignored for devices older than API 31
|
||||
See https://developer.android.com/about/versions/12/backup-restore
|
||||
-->
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<full-backup-content>
|
||||
<!--
|
||||
<include domain="sharedpref" path="."/>
|
||||
<exclude domain="sharedpref" path="device.xml"/>
|
||||
-->
|
||||
</full-backup-content>
|
||||
<exclude domain="sharedpref" path="." />
|
||||
<exclude domain="database" path="." />
|
||||
<exclude domain="file" path="datastore/" />
|
||||
</full-backup-content>
|
||||
|
||||
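Review bot: The three `<exclude>` rules form a deny-list, so any file the app later writes outside the `sharedpref`, `database` and `file` `datastore/` locations is backed up by default. The same holds for the `<cloud-backup>` and `<device-transfer>` blocks of the data extraction rules file changed in this commit. The sample header comment appears to have been dropped without a replacement; a short one would keep the constraint visible, for example `<!-- Credentials live in DataStore; add every new storage location here and in data_extraction_rules.xml -->`. If some data should stay in backups, naming it with `<include>` instead turns the rules into an allow-list, because the system then backs up only the listed paths.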
@@ -1,19 +1,13 @@
|
||||
<?xml version="1.0" encoding="utf-8"?><!--
|
||||
Sample data extraction rules file; uncomment and customize as necessary.
|
||||
See https://developer.android.com/about/versions/12/backup-restore#xml-changes
|
||||
for details.
|
||||
-->
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<data-extraction-rules>
|
||||
<cloud-backup>
|
||||
<!-- TODO: Use <include> and <exclude> to control what is backed up.
|
||||
<include .../>
|
||||
<exclude .../>
|
||||
-->
|
||||
<exclude domain="sharedpref" path="." />
|
||||
<exclude domain="database" path="." />
|
||||
<exclude domain="file" path="datastore/" />
|
||||
</cloud-backup>
|
||||
<!--
|
||||
<device-transfer>
|
||||
<include .../>
|
||||
<exclude .../>
|
||||
<exclude domain="sharedpref" path="." />
|
||||
<exclude domain="database" path="." />
|
||||
<exclude domain="file" path="datastore/" />
|
||||
</device-transfer>
|
||||
-->
|
||||
</data-extraction-rules>
|
||||
</data-extraction-rules>
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<network-security-config>
|
||||
<base-config cleartextTrafficPermitted="false" />
|
||||
</network-security-config>
|
||||
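Review bot: `cleartextTrafficPermitted="false"` in `<base-config>` is honoured by the platform HTTP stack and by libraries that consult the policy, but it is a best-effort signal, not an enforced block for code that opens its own sockets. The server address is presumably user-supplied (not visible on this page), so rejecting `http://` URLs where the address is saved would give a clear error instead of a failed connection. A one-line comment in this file, e.g. `<!-- HTTPS only for every domain; do not add <domain-config> exceptions without review -->`, would also document the intent.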