1. Fixed DeepLink issue

2. Added SQLi via Content Provider vulnerability
3. Added Data injection via insecure content provider vulnerability

app/build.gradle

@@ -6,7 +6,9 @@ plugins {
 android {
     namespace 'com.BugBazaar'
     compileSdk 34
-
+    lintOptions {
+        checkReleaseBuilds false
+    }
     sourceSets {
         main {
             jniLibs.srcDirs = ['src/main/jniLibs']

app/release/output-metadata.json

@@ -16,5 +16,22 @@
       "outputFile": "app-release.apk"
     }
   ],
-  "elementType": "File"
+  "elementType": "File",
+  "baselineProfiles": [
+    {
+      "minApi": 28,
+      "maxApi": 30,
+      "baselineProfiles": [
+        "baselineProfiles/1/app-release.dm"
+      ]
+    },
+    {
+      "minApi": 31,
+      "maxApi": 2147483647,
+      "baselineProfiles": [
+        "baselineProfiles/0/app-release.dm"
+      ]
+    }
+  ],
+  "minSdkVersionForDexing": 24
 }

app/src/main/AndroidManifest.xml

@@ -114,6 +114,11 @@
             android:authorities="com.bugbazaar.mycontacts"
             android:exported="true"
             android:permission="com.BugBazaar.permission.contact" />
+        <provider
+            android:name=".ui.addresses.AddressContentProvider"
+            android:authorities="com.bugbazaar.provider.addresses"
+            android:exported="true" />
+
 
         <activity
             android:name=".ui.DetailedProductActivity"
@@ -145,14 +150,20 @@
             android:exported="true">
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
-
                 <category android:name="android.intent.category.BROWSABLE" />
                 <category android:name="android.intent.category.DEFAULT" />
-
                 <data
                     android:host="bugbazaar"
                     android:path="/cart/add"
                     android:scheme="bb" />
+                <data
+                    android:host="bugbazaar"
+                    android:path="/offers"
+                    android:scheme="bb" />
+                <data
+                    android:host="bugbazaar"
+                    android:path="/web"
+                    android:scheme="bb" />
             </intent-filter>
         </activity>
 

app/src/main/java/com/BugBazaar/ui/Deeplink.java

@@ -17,13 +17,22 @@
 public class Deeplink extends AppCompatActivity {
     //private List<Product> products;
     WebView webView;
+    TextView messageTextView;
+    TextView toolbarTitle;
 
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
         setContentView(R.layout.activity_deep_link);
+
+        // Toolbar title set
+        TextView toolbarTitle = findViewById(R.id.toolbarTitle);
+        toolbarTitle.setText("DeepLink");
+
+        messageTextView= findViewById(R.id.messageTextView);
         Intent intent = getIntent();
         Uri deeplink = intent.getData();
+        toolbarTitle = findViewById(R.id.toolbarTitle);
 
         // Deep link handling for item
         if (deeplink != null && "/cart/add".equals(deeplink.getPath())) {
@@ -41,44 +50,39 @@ public void onCreate(Bundle savedInstanceState) {
 
         // Deep link handling for msg
         if (deeplink != null && "/offers".equals(deeplink.getPath())) {
-            String message = deeplink.getQueryParameter("msg");
+            String message = deeplink.getQueryParameter("textMsg");
             if (message != null) {
-                // Display the message, e.g., in a TextView
-                TextView toolbarTitle = findViewById(R.id.toolbarTitle);
-                toolbarTitle.setText("Offers");
-                TextView messageTextView = findViewById(R.id.messageTextView);
                 messageTextView.setText(message);
-            } else {
-                TextView toolbarTitle = findViewById(R.id.toolbarTitle);
-                toolbarTitle.setText("Offers");
-                TextView messageTextView = findViewById(R.id.messageTextView);
-                messageTextView.setText("Coming Soon...............!");
             }
         }
 
         // Deep link handling for url
         if (deeplink != null && "/web".equals(deeplink.getPath())) {
-            String webViewUrl = deeplink.getQueryParameter("url");
+            String webViewUrl = deeplink.getQueryParameter("urlToLoad");
             // Check if the "url" parameter contains "payatu.com"
             if (webViewUrl != null && webViewUrl.contains("payatu.com")) {
-                TextView toolbarTitle = findViewById(R.id.toolbarTitle);
-                toolbarTitle.setText("BugBazaar");
+
                 webView = findViewById(R.id.deeplink_view);
                 setupwebview(webView);
                 this.webView.loadUrl(webViewUrl);
+                messageTextView.setVisibility(View.GONE);
+            }
+            else{
+                messageTextView.setText("Host is invalid.");
             }
         }
     }
-        //Code to handle back button - Redirect to home page on back pressed
-        public void onBackButtonClick (View view){
-            //  onBackPressed(); // Navigate back to the previous activity
-            Intent backtohome = new Intent(this, NavigationDrawer_Dashboard.class);
-            startActivity(backtohome);
-        }
+    //Code to handle back button - Redirect to home page on back pressed
+
     private void setupwebview (WebView webView){
         webView.setWebViewClient(new WebViewClient());
         webView.setWebChromeClient(new WebChromeClient());
         webView.getSettings().setJavaScriptEnabled(true);
         webView.getSettings().setAllowUniversalAccessFromFileURLs(true);
     }
+    public void onBackButtonClick (View view){
+        //  onBackPressed(); // Navigate back to the previous activity
+        Intent backtohome = new Intent(this, NavigationDrawer_Dashboard.class);
+        startActivity(backtohome);
     }
+}

app/src/main/java/com/BugBazaar/ui/addresses/Address.java

@@ -1,43 +1,24 @@
 package com.BugBazaar.ui.addresses;
-import android.content.Intent;
-import android.database.sqlite.SQLiteDatabase;
-import android.database.Cursor;
-import android.content.ContentValues;
+
 import android.content.Context;
-import android.database.sqlite.SQLiteOpenHelper;
 import android.os.Bundle;
-import android.util.Log;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.widget.Button;
 import android.widget.EditText;
 import android.widget.LinearLayout;
-import android.widget.ScrollView;
 import android.widget.TextView;
 import android.widget.Toast;
-import androidx.appcompat.app.AppCompatActivity;
 import com.BugBazaar.R;
 import com.BugBazaar.ui.BaseActivity;
-import com.BugBazaar.ui.SessionManager;
-import com.BugBazaar.ui.Signin;
 
 import java.util.List;
 
 public class Address extends BaseActivity {
-    private SessionManager sessionManager;
-    private EditText editTextNewAddrNickName;
-    private EditText editTextNewAddress;
-    private EditText searchBoxEditText;
-    private Button btnSaveAddress;
-    private Button btnSearchAddress;
-    private LinearLayout addressListLayout;
-    private SQLiteDatabase database;
-    private AddressDatabaseHelper dbHelper; // Declare dbHelper here
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
         setContentView(R.layout.activity_address);
-        addressListLayout = findViewById(R.id.addressListLayout);
 
         //Toolbar title set
         TextView toolbarTitle = findViewById(R.id.toolbarTitle);

app/src/main/java/com/BugBazaar/ui/addresses/AddressContentProvider.java

@@ -0,0 +1,72 @@
+package com.BugBazaar.ui.addresses;
+
+import android.content.ContentProvider;
+import android.content.ContentUris;
+import android.content.ContentValues;
+import android.database.Cursor;
+import android.database.sqlite.SQLiteDatabase;
+import android.net.Uri;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+
+public class AddressContentProvider extends ContentProvider {
+    private AddressDatabaseHelper dbHelper;
+
+    @Override
+    public boolean onCreate() {
+        dbHelper = new AddressDatabaseHelper(getContext());
+        return true;
+    }
+
+    @Override
+    public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
+        SQLiteDatabase db = dbHelper.getReadableDatabase();
+
+        // Add condition to exclude addresses containing "0xSuper_Secret0x"
+        String newSelection;
+        if (selection != null && !selection.isEmpty()) {
+            newSelection = selection + " AND " + AddressContract.AddressEntry.COLUMN_NICKNAME + " NOT LIKE '%0xSuper_Secret0x%'";
+        } else {
+            newSelection = AddressContract.AddressEntry.COLUMN_NICKNAME + " NOT LIKE '%0xSuper_Secret0x%'";
+        }
+
+        Cursor cursor = db.query(AddressContract.AddressEntry.TABLE_NAME,
+                projection,
+                newSelection,
+                selectionArgs,
+                null,
+                null,
+                sortOrder);
+
+        cursor.setNotificationUri(getContext().getContentResolver(), uri);
+        return cursor;
+    }
+
+
+    @Nullable
+    @Override
+    public String getType(@NonNull Uri uri) {
+        return null;
+    }
+
+    @Override
+    public Uri insert(Uri uri, ContentValues values) {
+        SQLiteDatabase db = dbHelper.getWritableDatabase();
+        long id = db.insert(AddressContract.AddressEntry.TABLE_NAME, null, values);
+        getContext().getContentResolver().notifyChange(uri, null);
+        return ContentUris.withAppendedId(uri, id);
+    }
+
+    @Override
+    public int delete(@NonNull Uri uri, @Nullable String selection, @Nullable String[] selectionArgs) {
+        return 0;
+    }
+
+    @Override
+    public int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable String selection, @Nullable String[] selectionArgs) {
+        return 0;
+    }
+
+    // Implement other necessary methods: update, delete, getType, etc.
+}

app/src/main/java/com/BugBazaar/ui/addresses/AddressContract.java

@@ -0,0 +1,15 @@
+package com.BugBazaar.ui.addresses;
+
+import android.net.Uri;
+import android.provider.BaseColumns;
+
+public class AddressContract {
+
+    public static final class AddressEntry implements BaseColumns {
+        public static final Uri CONTENT_URI = Uri.parse("content://com.bugbazaar.provider.addresses/addresses");
+        //public static final Uri CONTENT_URI = BASE_CONTENT_URI.buildUpon().appendPath(PATH_ADDRESSES).build();
+        public static final String TABLE_NAME = "addresses";
+        public static final String COLUMN_NICKNAME = "nickname";
+        public static final String COLUMN_ADDRESS = "address";
+    }
+}

app/src/main/res/layout/activity_deep_link.xml

@@ -1,24 +1,29 @@
 <?xml version="1.0" encoding="utf-8"?>
-<LinearLayout
-    xmlns:android="http://schemas.android.com/apk/res/android"
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:app="http://schemas.android.com/apk/res-auto"
     xmlns:tools="http://schemas.android.com/tools"
     android:layout_width="match_parent"
     android:layout_height="match_parent"
     android:orientation="vertical">
+
     <include
         layout="@layout/nav_toolbar_sub"
-        android:layout_height="wrap_content"
-        android:layout_width="match_parent"></include>
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"></include>
+
     <TextView
         android:id="@+id/messageTextView"
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
+        android:layout_marginTop="24dp"
+        android:layout_gravity="center"
+        android:paddingTop="30dp"
+        android:text="🚧 This page is under construction 🚧"
+        android:textColor="#000"
         android:textSize="18sp"
         android:textStyle="bold"
-        android:layout_marginTop="24dp"
-        android:text="This page is under construction"
-        android:textColor="#000" />
+        android:layout_margin="10dp"/>
+
     <WebView
         android:id="@+id/deeplink_view"
         android:layout_width="match_parent"

build.gradle

@@ -10,6 +10,6 @@ buildscript {
 }// Top-level build file where you can add configuration options common to all sub-projects/modules.
 plugins {
 
-    id 'com.android.application' version '8.0.0' apply false
-    id 'com.android.library' version '8.0.0' apply false
+    id 'com.android.application' version '8.3.1' apply false
+    id 'com.android.library' version '8.3.1' apply false
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 #Wed Jul 26 10:25:33 IST 2023
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.0-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists