Info Call to XML parsing API

Description

Improper XML parsing could lead to several vulnerabilities which could to arbitrary file access (External XML Entities injection, XML injection) or denial of service (Billion laughs, quadratic blowup).

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method android.support.v7.widget.ActivityChooserModel$PersistHistoryAsyncTask.doInBackground() calling method android.util.Xml.newSerializer()

Couldn't retrieve source code

Method com.simpl.android.fingerprint.commons.exception.a.c() calling method android.util.Xml.newSerializer()


    private static void c(Throwable p11, java.util.Map p12)
    {
        try {
            String v0_7 = new java.util.Random().nextInt(99999);
            java.io.BufferedWriter v1_4 = new StringBuilder();
            v1_4.append(com.simpl.android.fingerprint.commons.exception.a.g);
            v1_4.append(com.simpl.android.fingerprint.commons.exception.a.c);
            v1_4.append("-");
            v1_4.append(String.valueOf(v0_7));
            v1_4.append(".xml");
            java.io.BufferedWriter v1_2 = new java.io.BufferedWriter(new java.io.FileWriter(v1_4.toString()));
            String v0_5 = android.util.Xml.newSerializer();
            v0_5.setOutput(v1_2);
            v0_5.startDocument("UTF-8", Boolean.TRUE);
            v0_5.startTag("", "notice");
            v0_5.attribute("", "version", "2.0");
            v0_5.startTag("", "api-key");
            v0_5.text(com.simpl.android.fingerprint.commons.exception.a.e);
            v0_5.endTag("", "api-key");
            v0_5.startTag("", "notifier");
            v0_5.startTag("", "name");
            v0_5.text("Android Airbrake Notifier");
            v0_5.endTag("", "name");
            v0_5.startTag("", "version");
            v0_5.text("1.3.0");
            v0_5.endTag("", "version");
            v0_5.startTag("", "url");
            v0_5.text("http://loopj.com");
            v0_5.endTag("", "url");
            v0_5.endTag("", "notifier");
            v0_5.startTag("", "error");
            v0_5.startTag("", "class");
            v0_5.text(p11.getClass().getName());
            v0_5.endTag("", "class");
            v0_5.startTag("", "message");
            String v2_81 = new StringBuilder("[");
            v2_81.append(com.simpl.android.fingerprint.commons.exception.a.c);
            v2_81.append("] ");
            v2_81.append(p11.toString());
            v0_5.text(v2_81.toString());
            v0_5.endTag("", "message");
            v0_5.startTag("", "backtrace");
            String v2_4 = p11;
        } catch (Exception) {
            return;
        }
        while (v2_4 != null) {
            String v3_3 = v2_4.getStackTrace();
            String v4_0 = v3_3.length;
            String v5_0 = 0;
            while (v5_0 < v4_0) {
                String v6_2 = v3_3[v5_0];
                v0_5.startTag("", "line");
                String v9_4;
                String v9_1 = new StringBuilder();
                v9_1.append(v6_2.getClassName());
                v9_1.append(".");
                v9_1.append(v6_2.getMethodName());
                v0_5.attribute("", "method", v9_1.toString());
                if (v6_2.getFileName() != null) {
                    v9_4 = v6_2.getFileName();
                } else {
                    v9_4 = "Unknown";
                }
                v0_5.attribute("", "file", v9_4);
                v0_5.attribute("", "number", String.valueOf(v6_2.getLineNumber()));
                v0_5.endTag("", "line");
                v5_0++;
            }
            v2_4 = v2_4.getCause();
            if (v2_4 != null) {
                v0_5.startTag("", "line");
                String v5_2 = new StringBuilder("### CAUSED BY ###: ");
                v5_2.append(v2_4.toString());
                v0_5.attribute("", "file", v5_2.toString());
                v0_5.attribute("", "number", "");
                v0_5.endTag("", "line");
            }
        }
        v0_5.endTag("", "backtrace");
        v0_5.endTag("", "error");
        v0_5.startTag("", "request");
        v0_5.startTag("", "url");
        v0_5.endTag("", "url");
        v0_5.startTag("", "component");
        v0_5.endTag("", "component");
        v0_5.startTag("", "action");
        v0_5.endTag("", "action");
        v0_5.startTag("", "cgi-data");
        v0_5.startTag("", "var");
        v0_5.attribute("", "key", "Device");
        v0_5.text(android.os.Build.MODEL);
        v0_5.endTag("", "var");
        v0_5.startTag("", "var");
        v0_5.attribute("", "key", "Android Version");
        v0_5.text(android.os.Build$VERSION.RELEASE);
        v0_5.endTag("", "var");
        v0_5.startTag("", "var");
        v0_5.attribute("", "key", "App Version");
        v0_5.text(com.simpl.android.fingerprint.commons.exception.a.c);
        v0_5.endTag("", "var");
        v0_5.startTag("", "var");
        v0_5.attribute("", "key", "Parent App");
        v0_5.text(com.simpl.android.fingerprint.commons.exception.a.b);
        v0_5.endTag("", "var");
        if ((com.simpl.android.fingerprint.commons.exception.a.d != null) && (!com.simpl.android.fingerprint.commons.exception.a.d.isEmpty())) {
            String v2_38 = com.simpl.android.fingerprint.commons.exception.a.d.entrySet().iterator();
            while (v2_38.hasNext()) {
                String v3_38 = ((java.util.Map$Entry) v2_38.next());
                v0_5.startTag("", "var");
                v0_5.attribute("", "key", ((String) v3_38.getKey()));
                v0_5.text(((String) v3_38.getValue()));
                v0_5.endTag("", "var");
            }
        }
        if ((p12 != null) && (!p12.isEmpty())) {
            java.util.Iterator v12_2 = p12.entrySet().iterator();
            while (v12_2.hasNext()) {
                String v2_54 = ((java.util.Map$Entry) v12_2.next());
                v0_5.startTag("", "var");
                v0_5.attribute("", "key", ((String) v2_54.getKey()));
                v0_5.text(((String) v2_54.getValue()));
                v0_5.endTag("", "var");
            }
        }
        v0_5.endTag("", "cgi-data");
        v0_5.endTag("", "request");
        v0_5.startTag("", "server-environment");
        v0_5.startTag("", "environment-name");
        v0_5.text(com.simpl.android.fingerprint.commons.exception.a.a);
        v0_5.endTag("", "environment-name");
        v0_5.startTag("", "app-version");
        v0_5.text(com.simpl.android.fingerprint.commons.exception.a.c);
        v0_5.endTag("", "app-version");
        v0_5.endTag("", "server-environment");
        v0_5.endTag("", "notice");
        v0_5.endDocument();
        v1_2.flush();
        v1_2.close();
        java.util.Iterator v12_15 = new StringBuilder("Writing new ");
        v12_15.append(p11.getClass().getName());
        v12_15.append(" exception to disk.");
        return;
    }