cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bowser <>
Subject Android JUnit Refactor Deletes Test for CVE
Date Wed, 11 Feb 2015 21:48:27 GMT
Responding via private list because this is about a security issue.

Andrew, your refactor deleted a very important JUnit test, the
SabotagedActivity test is very important for a past CVE where intents could
be randomly sent to Cordova and executed remotely.  I want to know why this
code was deleted, and what will be done to reproduce this test case.

I think that you deleting this use case opens us up to serious regressions
that could put us at risk, and I would like your justification for that.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message