Posted to dev@cordova.apache.org by amovsesy <gi...@git.apache.org> on 2017/05/12 18:57:16 UTC

[GitHub] cordova-plugin-file-transfer pull request #179: Fixing a security issue whic...

GitHub user amovsesy opened a pull request:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179

    Fixing a security issue which is banned by google play that can be found https://support.google.com/faqs/answer/6346016
    
    Adding a check for the certificate that comes in when connecting to the server
    
    ### Platforms affected
    Android
    
    ### What does this PR do?
    Adds a check for the connection that gets created
    
    ### What testing has been done on this change?
    Ran the tests
    
    ### Checklist
    - [x] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database
    - [x] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB-xxxx is the JIRA ID & "android" is the platform affected.
    - [x] Added automated test coverage as appropriate for this change.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rentlyio/cordova-plugin-file-transfer fixingSecurityIssue

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #179
    
----
commit 0503664bd14319414630b7c704310b8c49c142d6
Author: Aleksandr Movsesyan <am...@users.noreply.github.com>
Date:   2017-05-12T18:29:39Z

    Fixing a security issue which is banned by google play that can be found https://support.google.com/faqs/answer/6346016
    Adding a check for the certificate that comes in when connecting to the server

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org


[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

Posted by jcesarmobile <gi...@git.apache.org>.
GitHub user jcesarmobile commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    Yeah, so the solution should be to deprecate `trustAllHosts`, documenting it, and then remove those methods, not to implement them with a safe implementation, because that will make `trustAllHosts` stop working.




[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

Posted by jcesarmobile <gi...@git.apache.org>.
GitHub user jcesarmobile commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    Those methods are there to ignore the certificates if you pass `trustAllHosts` param set to true (default is false)




[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

Posted by filmaj <gi...@git.apache.org>.
GitHub user filmaj commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    +1 to @jcesarmobile's proposed solution.




[GitHub] cordova-plugin-file-transfer issue #179: Fixing a security issue which is ba...

Posted by amovsesy <gi...@git.apache.org>.
GitHub user amovsesy commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    @stevengill Can you please take a look at this?




[GitHub] cordova-plugin-file-transfer pull request #179: CB-12809 android

Posted by amovsesy <gi...@git.apache.org>.
GitHub user amovsesy closed the pull request at:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179




[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

Posted by kerrishotts <gi...@git.apache.org>.
GitHub user kerrishotts commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    +1 to deprecation as well.




[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

Posted by amovsesy <gi...@git.apache.org>.
GitHub user amovsesy commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    @jcesarmobile, I understand, but this is violating Google Play's ToS and it clearly states that any new updates or apps using an unsafe implementation of TrustManager will be blocked. https://support.google.com/faqs/answer/6346016. Given that, any apps using this code would be in violation and could be blocked from the Google store.




[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

Posted by cordova-qa <gi...@git.apache.org>.
GitHub user cordova-qa commented on the issue:

    https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
    Cordova CI Build has completed successfully.
    
    **Commit**     - [Link](https://github.com/apache/cordova-plugin-file-transfer/pull/179/commits/35886fe8ecce12f1932f5eec4b614b2eebd6d5e3)
    **Dashboard** - [Link](http://cordova-ci.cloudapp.net:8080/job/cordova-plugin-file-transfer-pr/78/)
    
     318 tests run, 15 skipped, 0 failed.


