|
Obviusly i didnt make it with that way...so i need more help in that project fully or partly...Never mind,I m going to find a way to do this.Thank you for your help!
|
|
|
|
|
I'm seeing four things here: 1) retrieve my contacts, 2) shown into a list, 3) respond to a click, 4) make a call. Stop looking at the larger picture and break it down into more manageable parts. Which of these specifically do you need help with?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Dear friend,
unfortunatelly i can not deal with any of these isues!If you have something on mind,pleaze help me,wherever you can.Thanks a lot for your kind response!!! 
|
|
|
|
|
Member 12751865 wrote:
unfortunatelly i can not deal with any of these isues!
So then exactly what are you doing here? This is, after all, a site for developer types.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
I have developed an application in the Cordova Framework, and I have added a camera plugin for capture functionality.
I am getting an Information Leakage flaw in the code below
OutputStream os = this.cordova.getActivity().getContentResolver().openOutputStream(uri);
try {
bitmap.compress(Bitmap.CompressFormat.JPEG, this.mQuality, os);
os.close();
} finally {
if (os != null) {
os.close();
}
}
|
|
|
|
|
Member 12358097 wrote: ...Information Leakage flaw...
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Is that a runtime exception or a compile-time? Can you share the exception name too?
Information leakage flaw is unclear. Share the error message, precise error message.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
|
|
|
|
Associated Flaws by CWE ID:
Information Exposure Through Sent Data (CWE ID 201)(5 flaws)
Description
Sensitive information may be exposed as a result of outbound network connections made by the application. This can manifest in a couple of different ways.
In C/C++ applications, sometimes the developer fails to zero out a buffer before populating it with data. This can cause information leakage if, for example, the buffer contains a data structure for which only certain fields were populated. The uninitialized fields would contain whatever data is present at that memory location. Sensitive information from previously allocated variables could then be leaked when the buffer is sent over the network.
Mobile applications may also transmit sensitive information such as email or SMS messages, address book entries, GPS location data, and anything else that can be accessed by the mobile API. This behavior is common in mobile spyware applications designed to exfiltrate data to a listening post or other data collection point. This flaw is categorized as low severity because it only impacts confidentiality, not integrity or availability. However, in the context of a mobile application, the significance of an information leak may be much greater, especially if misaligned with user expectations or data privacy policies.
Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
Recommendations
In C/C++ applications, ensure that all struct elements are initialized or zeroed before being sent. In mobile applications, ensure that the transfer of sensitive data is intended and that it does not violate application security policy or user expectations.
|
|
|
|
|
That is the sort of detail that every developer is expected to understand; it just means that you need to be careful when handling sensitive data. And the solution will vary according to the structure of your actual application.
|
|
|
|
|
i understand and looking for solution.
if anyone can suggest i tried using try resource but no luck its giving same warning.
|
|
|
|
|
Bitmap bitmap = null;
Uri uri = null;
if (destType == FILE_URI || destType == NATIVE_URI) {
if (this.saveToPhotoAlbum) {
Uri inputUri = getUriFromMediaStore();
try {
uri = Uri.fromFile(new File(FileHelper.getRealPath(inputUri, this.cordova)));
} catch (NullPointerException e) {
uri = null;
}
} else {
uri = Uri.fromFile(new File(getTempDirectoryPath(), System.currentTimeMillis() + ".jpg"));
}
if (uri == null) {
this.failPicture("Error capturing image - no media storage found.");
return;
}
if (this.targetHeight == -1 && this.targetWidth == -1 && this.mQuality == 100 &&
!this.correctOrientation) {
writeUncompressedImage(uri);
this.callbackContext.success(uri.toString());
} else {
bitmap = getScaledBitmap(FileHelper.stripFileProtocol(imageUri.toString()));
if (rotate != 0 && this.correctOrientation) {
bitmap = getRotatedBitmap(rotate, bitmap, exif);
}
try (OutputStream os = this.cordova.getActivity().getContentResolver().openOutputStream(uri)) {
bitmap.compress(Bitmap.CompressFormat.JPEG, this.mQuality, os);
}
i tried using try resource but no luck still getting warning:
try (OutputStream os = this.cordova.getActivity().getContentResolver().openOutputStream(uri))
|
|
|
|
|
The message is telling you to look at the information you are transferring and take steps to keep it secure. If it does not need to be secured then you can ignore the warnings. If it does, then you need to use some form of encryption to protect it.
|
|
|
|
|
even i understand that but the issue is whats need to be done for this one line of code which is throwing warning , i can find inception point of warning and that is Uri .
what can we do with object( Uri uri) i am still way of finding solution.
try resource seems not be working.
Anyway thanks bro
|
|
|
|
|
The same answer as I have already given you.
|
|
|
|
|
The past night, using my android phone, I have noticed the small voice of the Holy Spirit warning of a curse or other danger... Investigating to find it, through night vision the phone was a spotlight. Visually there was red dot barely visible in the corner. It was flashing a pattern..... The red color of an IR targeting laser, or multimode fiber laser meaning it was near infrared.
For now I have used electrical tape. But how can I access "INFRARED EMITTER" via an app.. What is his purpose on the phone to begin with. Why does it flash a pattern when it cannot be seen but through intention. 
|
|
|
|
|
You need to stop smoking that stuff.
|
|
|
|
|
I notice you have not explain why the infrared emitter is there, or even deny it.
You just say I'm a weirdo for caring (apparently) 
|
|
|
|
|
No, I just have no idea what you are talking about.
|
|
|
|
|
Richard MacCutchan wrote: I just have no idea what you are talking about.
So instead of ignoring the question which you did not understand, you get aggresive and make an condescending remark (because you did not understand something).. With voices like these companies become stagnant, because people are afraid to make a new idea.
|
|
|
|
|
Member 12717761 wrote: you get aggresive and make an condescending remark
I was not in any way aggressive, I merely joked that your question sounded like it was posted by someone on drugs. If you have a proper technical question then please post proper technical details, and people will try to help you.
|
|
|
|
|
here i put some more code to make users understand the issue,
Bitmap bitmap = null;
Uri uri = null;
if (destType == FILE_URI || destType == NATIVE_URI) {
if (this.saveToPhotoAlbum) {
Uri inputUri = getUriFromMediaStore();
try {
uri = Uri.fromFile(new File(FileHelper.getRealPath(inputUri, this.cordova)));
} catch (NullPointerException e) {
uri = null;
}
} else {
uri = Uri.fromFile(new File(getTempDirectoryPath(), System.currentTimeMillis() + ".jpg"));
}
if (uri == null) {
this.failPicture("Error capturing image - no media storage found.");
return;
}
if (this.targetHeight == -1 && this.targetWidth == -1 && this.mQuality == 100 &&
!this.correctOrientation) {
writeUncompressedImage(uri);
this.callbackContext.success(uri.toString());
} else {
bitmap = getScaledBitmap(FileHelper.stripFileProtocol(imageUri.toString()));
if (rotate != 0 && this.correctOrientation) {
bitmap = getRotatedBitmap(rotate, bitmap, exif);
}
try (OutputStream os = this.cordova.getActivity().getContentResolver().openOutputStream(uri)) {
bitmap.compress(Bitmap.CompressFormat.JPEG, this.mQuality, os);
}
|
|
|
|
|
Well we cannot understand unless you tell us what the problem is.
|
|
|
|
|
I have dont android development from quite some time, developed few projects.
I want to increase my knowledge, pleade recommend me some advance books on android
Thanks!
PS : I am not so confident in Broadcast Receivers and Services
|
|
|
|
|
|
Member 11828365 wrote: I want to increase my knowledge...
Develop more projects.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
