Merge pull request #343 from loki-project/tapjacking

Guard Against Tapjacking
Niels Andriesse 2020-09-17 17:09:18 +10:00 committed by GitHub
commit 4075603714
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 105 additions and 25 deletions


@ -30,7 +30,7 @@
android:textColor="@color/text"
android:text="@string/activity_register_explanation" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
style="@style/SessionIDTextView"
android:id="@+id/publicKeyTextView"
android:layout_width="match_parent"
@ -54,7 +54,7 @@
android:layout_marginRight="@dimen/massive_spacing"
android:text="@string/continue_2" />
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.ProminentOutline"
android:id="@+id/copyButton"
android:layout_width="match_parent"


@ -36,7 +36,7 @@
android:textColor="@color/text"
android:text="@string/activity_seed_explanation" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
style="@style/SessionIDTextView"
android:id="@+id/seedTextView"
android:layout_width="match_parent"
@ -49,7 +49,7 @@
android:textAlignment="center"
android:text="nautical novelty populate onion awkward bent etiquette plant submarine itches vipers september axis maximum populate" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
android:id="@+id/revealButton"
android:layout_width="match_parent"
android:layout_height="wrap_content"
@ -65,7 +65,7 @@
android:layout_height="0dp"
android:layout_weight="1"/>
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.ProminentOutline"
android:id="@+id/copyButton"
android:layout_width="196dp"


@ -14,7 +14,7 @@
android:background="?android:dividerHorizontal"
android:elevation="1dp" />
<EditText
<org.thoughtcrime.securesms.loki.views.TapJackingProofEditText
style="@style/SessionEditText"
android:id="@+id/publicKeyEditText"
android:layout_width="match_parent"
@ -50,7 +50,7 @@
android:layout_marginTop="@dimen/large_spacing"
android:layout_marginRight="@dimen/large_spacing" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
android:id="@+id/publicKeyTextView"
android:layout_width="match_parent"
android:layout_height="wrap_content"
@ -71,7 +71,7 @@
android:layout_marginRight="@dimen/large_spacing"
android:orientation="horizontal">
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.UnimportantFilled"
android:id="@+id/copyButton"
android:layout_width="0dp"
@ -79,7 +79,7 @@
android:layout_weight="1"
android:text="@string/copy" />
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.UnimportantFilled"
android:id="@+id/shareButton"
android:layout_width="0dp"


@ -30,7 +30,7 @@
android:textColor="@color/text"
android:text="@string/activity_register_explanation" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
style="@style/SessionIDTextView"
android:id="@+id/publicKeyTextView"
android:layout_width="match_parent"
@ -55,7 +55,7 @@
android:layout_marginRight="@dimen/massive_spacing"
android:text="@string/continue_2" />
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.ProminentOutline"
android:id="@+id/copyButton"
android:layout_width="match_parent"


@ -36,7 +36,7 @@
android:textColor="@color/text"
android:text="@string/activity_seed_explanation" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
style="@style/SessionIDTextView"
android:id="@+id/seedTextView"
android:layout_width="match_parent"
@ -49,7 +49,7 @@
android:textAlignment="center"
android:text="nautical novelty populate onion awkward bent etiquette plant submarine itches vipers september axis maximum populate" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
android:id="@+id/revealButton"
android:layout_width="match_parent"
android:layout_height="wrap_content"
@ -66,7 +66,7 @@
android:layout_height="0dp"
android:layout_weight="1"/>
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.ProminentOutline"
android:id="@+id/copyButton"
android:layout_width="196dp"


@ -20,7 +20,7 @@
android:textAlignment="center"
android:textSize="@dimen/medium_font_size" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
style="@style/SessionIDTextView"
android:id="@+id/seedTextView"
android:layout_width="wrap_content"
@ -56,7 +56,7 @@
android:layout_weight="1"
android:text="@string/cancel" />
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Dialog.Unimportant"
android:id="@+id/copyButton"
android:layout_width="0dp"


@ -13,7 +13,7 @@
android:background="?android:dividerHorizontal"
android:elevation="1dp" />
<EditText
<org.thoughtcrime.securesms.loki.views.TapJackingProofEditText
style="@style/SmallSessionEditText"
android:id="@+id/publicKeyEditText"
android:layout_width="match_parent"
@ -49,7 +49,7 @@
android:layout_marginTop="@dimen/large_spacing"
android:layout_marginRight="@dimen/large_spacing" />
<TextView
<org.thoughtcrime.securesms.loki.views.TapJackingProofTextView
android:id="@+id/publicKeyTextView"
android:layout_width="match_parent"
android:layout_height="wrap_content"
@ -70,7 +70,7 @@
android:layout_marginRight="@dimen/large_spacing"
android:orientation="horizontal">
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.UnimportantFilled"
android:id="@+id/copyButton"
android:layout_width="0dp"
@ -78,7 +78,7 @@
android:layout_weight="1"
android:text="@string/copy" />
<Button
<org.thoughtcrime.securesms.loki.views.TapJackingProofButton
style="@style/Widget.Session.Button.Common.UnimportantFilled"
android:id="@+id/shareButton"
android:layout_width="0dp"


@ -89,6 +89,7 @@ import org.thoughtcrime.securesms.linkpreview.LinkPreviewUtil;
import org.thoughtcrime.securesms.logging.Log;
import org.thoughtcrime.securesms.loki.utilities.MentionUtilities;
import org.thoughtcrime.securesms.loki.views.ProfilePictureView;
import org.thoughtcrime.securesms.loki.views.TapJackingProofLinearLayout;
import org.thoughtcrime.securesms.mms.GlideRequests;
import org.thoughtcrime.securesms.mms.ImageSlide;
import org.thoughtcrime.securesms.mms.PartAuthority;
@ -129,7 +130,7 @@ import network.loki.messenger.R;
*
*/
public class ConversationItem extends LinearLayout
public class ConversationItem extends TapJackingProofLinearLayout
implements RecipientModifiedListener, BindableConversationItem
{
private static final String TAG = ConversationItem.class.getSimpleName();
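Review bot: Making `ConversationItem` extend `TapJackingProofLinearLayout` applies the touch filter to every message row, and the helper added in this commit also rejects on `FLAG_WINDOW_IS_PARTIALLY_OBSCURED` on API 29+, which the platform sets whenever another visible window overlaps the app window, even if the touch did not pass through the covered area. A benign overlay such as a screen filter or floating bubble would therefore likely leave taps and long-presses on all rows unresponsive and raise the toast each time. I would document that trade-off on the class, e.g. `// Touches are dropped while another app's window overlaps ours; see TapJackingProofLinearLayout`, or restrict the row-level filter to `FLAG_WINDOW_IS_OBSCURED`. The class body continues outside the hunk.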


@ -134,10 +134,10 @@ class EnterPublicKeyFragment : Fragment() {
}
private fun copyPublicKey() {
val clipboard = activity!!.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
val clipboard = requireActivity().getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
val clip = ClipData.newPlainText("Session ID", hexEncodedPublicKey)
clipboard.setPrimaryClip(clip)
Toast.makeText(context!!, R.string.copied_to_clipboard, Toast.LENGTH_SHORT).show()
Toast.makeText(requireContext(), R.string.copied_to_clipboard, Toast.LENGTH_SHORT).show()
}
private fun sharePublicKey() {
@ -149,8 +149,8 @@ class EnterPublicKeyFragment : Fragment() {
}
private fun createPrivateChatIfPossible() {
val hexEncodedPublicKey = publicKeyEditText.text.trim().toString()
(activity!! as CreatePrivateChatActivity).createPrivateChatIfPossible(hexEncodedPublicKey)
val hexEncodedPublicKey = publicKeyEditText.text?.trim().toString() ?: ""
(requireActivity() as CreatePrivateChatActivity).createPrivateChatIfPossible(hexEncodedPublicKey)
}
}
// endregion
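Review bot: In `createPrivateChatIfPossible` the new line `publicKeyEditText.text?.trim().toString() ?: ""` can never reach its `?: ""` fallback, because `toString()` on a nullable receiver resolves to `Any?.toString()` and returns the string "null" instead of null. A null `text` would then be handed on as the literal `null` in place of a Session ID. Make the last step a safe call as well: `val hexEncodedPublicKey = publicKeyEditText.text?.trim()?.toString() ?: ""`. Whether the activity's `createPrivateChatIfPossible` validates the value is not visible in this hunk.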


@ -0,0 +1,79 @@
package org.thoughtcrime.securesms.loki.views
import android.content.Context
import android.util.AttributeSet
import android.view.MotionEvent
import android.widget.Button
import android.widget.LinearLayout
import android.widget.Toast
private fun isPotentialTapJack(event: MotionEvent): Boolean {
if (event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED == MotionEvent.FLAG_WINDOW_IS_OBSCURED) { return true }
if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.Q &&
(event.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED == MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED)) { return true }
return false
}
open class TapJackingProofButton : androidx.appcompat.widget.AppCompatButton {
constructor(context: Context) : super(context)
constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
if (isPotentialTapJack(event)) {
Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
return false
} else {
return super.onFilterTouchEventForSecurity(event)
}
}
}
open class TapJackingProofEditText : androidx.appcompat.widget.AppCompatEditText {
constructor(context: Context) : super(context)
constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
if (isPotentialTapJack(event)) {
Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
return false
} else {
return super.onFilterTouchEventForSecurity(event)
}
}
}
open class TapJackingProofTextView : androidx.appcompat.widget.AppCompatTextView {
constructor(context: Context) : super(context)
constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
if (isPotentialTapJack(event)) {
Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
return false
} else {
return super.onFilterTouchEventForSecurity(event)
}
}
}
open class TapJackingProofLinearLayout : LinearLayout {
constructor(context: Context) : super(context)
constructor(context: Context, attrs: AttributeSet) : super(context, attrs)
constructor(context: Context, attrs: AttributeSet, defStyleAttr: Int) : super(context, attrs, defStyleAttr)
override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
if (isPotentialTapJack(event)) {
Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
return false
} else {
return super.onFilterTouchEventForSecurity(event)
}
}
}
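Review bot: `onFilterTouchEventForSecurity` is called for every `MotionEvent` dispatched to the view, so the `Toast.makeText(...).show()` in each override can queue one long toast per DOWN/MOVE/UP event of a single gesture while an overlay is present. The same override body is copied into all four classes with a hard-coded English message, so any later fix has to be made four times and the text cannot be localised. I would move the decision into one private helper that warns only on `ACTION_DOWN` and have each override delegate to it, with the message moved to a string resource. Only views declared with these classes are covered, so a short KDoc on the file saying that new sensitive screens need the same substitution would help.

```kotlin
// … unchanged: isPotentialTapJack(event) …

private fun View.rejectsAsPotentialTapJack(event: MotionEvent): Boolean {
    if (!isPotentialTapJack(event)) { return false }
    // Warn once per gesture; later events of the same gesture are dropped silently.
    if (event.actionMasked == MotionEvent.ACTION_DOWN) {
        Toast.makeText(context, "Interaction temporarily disabled for security purposes.", Toast.LENGTH_LONG).show()
    }
    return true
}

// in each TapJackingProof* class:
override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
    return !rejectsAsPotentialTapJack(event) && super.onFilterTouchEventForSecurity(event)
}
```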