Google Play - Security Alert for unsafe unzipping pattern vulnerability - android-security

I have an Android application uploaded to the Google Play Store which uses the Zoom SDK. I recently got an alert from the Play Console that the app contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability at location us.zoom.androidlib.util.FileUtils.unzipFile. I think it is a bug in the Zoom SDK and needs to be resolved by them. Does anyone know how to fix this issue?
The Zoom SDK is used for Zoom calling functionality. We are only using the Zoom SDK; no other configuration files are used in the application. Even so, it is showing this security error from Google Play. The Zoom SDK needs to look at this security issue.

You could fix this error by checking the canonical paths of the unzipped files.
Check that the return value of File.getCanonicalPath() belongs to the intended directory path.

Related

Crashlytics could not find the resource file generated by Google Services

Crashlytics could not find the resource file generated by Google Services.You may need to execute the :processGoogleServices Task
I read the solution from this question: Crashlytics could not find the resource file generated by Google Services. You may need to execute the :process<Variant>GoogleServices Task
but I didn't succeed in running this command in my Unity project:
./gradlew :app:processProdReleaseGoogleServices or ./gradlew :app:processDevReleaseGoogleServices
How can I run it?
A tricky bit with the Unity SDK is that because Firebase still supports versions of Unity that predate a total move to gradle (I believe 2019.4 is when Unity switched over entirely, the earliest supported version right now is 2017.4), many Android specific solutions (such as the one you linked) won't function. If you did want to try it, you can select "Export Project" in your build settings -- but I don't think this will help:
It sounds instead like you're missing Plugins/Android/FirebaseApp.androidlib or Plugins/Android/FirebaseCrashlytics.androidlib. These are generated by the Firebase plugins (obviously FirebaseCrashlytics.androidlib is specific to Crashlytics -- you won't see that one otherwise) as part of a processing step to simulate what the Play Services gradle plugin would do in a typical Android application or game.
Some things to try:
Make sure you're on a supported version of Unity (2017.4 or newer -- Firebase does not officially support alphas or betas).
Ensure that you have a valid google-services.json file added and that Crashlytics has been added to your backend (full instructions here to redownload).
Re-add FirebaseCrashlytics and ensure that you leave everything checked.
Ensure that you have the latest Crashlytics plugin (currently 7.1.0). You can download just Crashlytics now from this site, but make sure you don't mix and match versions with other Firebase plugins.
And if none of these work, sometimes small changes in build environments expose unexpected issues. Your best bet will be to file an issue here with everything you've tried.

WebStorm Firebase Integration

I'm pretty new to Firebase, and Web Development in general. Does anyone know how to avoid errors like these in WebStorm?
Ideally I would like to be able to point WebStorm towards some resource so it recognizes these functions. Everything works and this is technically just an annoyance, but I haven't been able to find a solution.
To link Firebase as a library in WebStorm's JavaScript project do as follows:
Hit Ctrl+Alt+S to open Settings page.
Open page Language & Frameworks > JavaScript > Libraries
Hit ADD... button on right
Fill name as firebase
Hit + and Attach Directories
Find your node_modules\@firebase folder inside current project
You can OK twice to confirm and close Settings page
Now your Firebase is recognized by WebStorm and all @types are defined, and you can Ctrl+Click any function, and get code completion!
Best regards!
Adding firebase as a dependency to package.json and then doing npm install should do the trick – WebStorm will index the source files and provide code completion for Firebase APIs.
Alternatively, you can download firebase-app.js and firebase-auth.js from the CDN and then configure them as a Library in WebStorm as described in the docs.

System.IO.File.Open within netstandard2.0 library from xamarin.forms within UWP fileaccess UnauthorizedAccessException

I currently have a handler within my global Xamarin.Forms Mobile App project. This handler contains a System.IO.File.Open on a text file that is located within the Users Document directory.
However, when running the UWP application, it throws the following:
Exception thrown: 'System.UnauthorizedAccessException' in System.IO.FileSystem.dll
System.UnauthorizedAccessException: Access to the path 'C:\Users' is denied.
I do not have much experience with both Xamarin.Forms and UWP so possibly I am doing something wrong from the start. I did do some research before posting this question, and understood that UWP runs in a sandbox that requires user permission to access directories and/or files within specific locations.
I've heard however that setting the following within Package.appxmanifest would allow access to all directories the current user has access to:
<rescap:Capability Name="broadFileSystemAccess" />
However that didn't make any difference for me. Then I proceeded and allowed through Windows Settings the application to access the file system as mentioned somewhere. This didn't solve anything either.
Did some more research that UWP has its own IO interface using IStorageHandlers and related. But these cannot be used within a netstandard2.0 library as far as I've seen.
How would one handle file operations from within a netstandard2.0 library that is included within a UWP application?
The broadFileSystemAccess capability will give an application access to all user-accessible files, but only via two mechanisms:
Windows.Storage APIs; or
CreateFileFromApp and similar Win32 APIs.
Since .NET doesn't use either of those APIs under the covers, it can't access locations outside of the app's package / data folders.
Not sure if there is another answer that would suit UWP applications; if there is, please do put it here. However, impatient me that wants to move on decided to use WPF instead. Luckily Xamarin.Forms also supports WPF and WinForms. For WPF you can follow an official How To here: https://learn.microsoft.com/en-US/xamarin/xamarin-forms/platform/other/wpf .
Luckily for me I was planning on supporting Windows prior to Windows 10 so it was a given that I had to switch.

How To Setup Google Firebase Dynamic Links in Xamarin Forms - Android Edition

How do you setup google firebase dynamic links, deep linking, in a xamarin forms app?
This is how I setup Firebase Dynamic Links in Android project of my Xamarin Forms App, so most of this will apply directly to android. I will work on finishing and documenting the iOS implementation in the future.
Disclaimer: I'm not an expert, any or all of this could be wrong. It's just what worked for me and my basic understanding. Please let me know if there are any errors and let's improve our collective intelligence of the Xamarin Community
If you don't already know what Dynamic Links are, watch the 2 min video, it's a great overview. https://firebase.google.com/docs/dynamic-links/
The Setup
Setup is broken up into 2 parts.
Part 1 - Configure the Dynamic Links in the Firebase Console (Easy)
Part 2 - Configure your app to be able to receive and process the Deep Links (Not as Easy)
Part 1 - Configure the Dynamic Links in the Firebase Console (Easy)
1- Setup a free firebase account at https://firebase.google.com/
2- Create a project.
3- Create a new dynamic link, the tab is at the bottom of the 'Grow' section.
It will generate a static domain name for you based off of your project name. Ex. 'https://myproject.page.link'
Short Link url is what users will click on to navigate to your appstore or launch your app.
Deep Link url is what actually gets sent into your app for you to work with. Ex 'https://myproject.com/MainPage'
iOS behavior. Currently set mine to open the link in a url browser, as my app is not connected to it yet.
Android behavior Very Important but not as hard as my explanation makes it look.
Here is where you register your app with firebase. The package name should be easy, use the same one as defined in your app's Android properties. Ex 'com.mycompany.appname'
Adding the signing certs SHA-1 and SHA-256 are required for Dynamic Links, which is what we are doing here.
Microsoft has a great guide on this, better than I can explain. here
Download the google-services.json file - You will need it later. Also, you will need the one that has incorporated the SHA cert details in it.
Ignore the instructions for adding the firebase SDK, we will add these to our project later using Nuget packages.
When this is all done your app should be selectable in a dropdown for the android behavior.
Finally, add any extra tags to your dynamic link url if you want, it's optional.
And that's it! Now you should have a working short link. When used on an android device it should already be able to determine if the app is already installed or not, and then either direct the user to the play store or open the app. However, it won't do anything with that deep link url that you set. That brings us to the next part.
Part 2 - Configure your app to be able to receive and process the Deep Links (Not as Easy)
1- Versions, might be important.
2- Nuget Packages - Hopefully this goes smoother for you than it did for me.
3- The Code
3a- Intent Filters
3b- Handling the Deep Link
1- Versions.
I was having a lot of issues trying to get dynamic/deep linking to work. So I went back and updated everything to the newest versions available at the time.
Visual Studio Professional 2017 - 15.7.5
.NET Framework 4.7.03056
Xamarin 4.10.10.2
Xamarin.Android SDK 8.3.3.2
Android SDK Manager - Got the latest. Android 8.1 API 27 and Android 8.0 API 26 (Targeting 8.1 might be required)
Android Properties -
-Application - Compile using Android Version(Target Framework): Android 8.1 Oreo
-Android Manifest: Target Android Version: Use Compile SDK Version (haven't tried targeting 8.1 directly, might work). My min target is still Android 4.4 API 19 Kit Kat
2- Nuget Packages. These are just for the Android project. MyApp.Android
You shouldn't have to add anything into the .NET Standard Project, just make sure the Xamarin.Forms Versions match
Below is what I did
Update:
Xamarin.Forms - updated to 3.0.0.482510
Install:
This is where it immediately got annoying for me. Issues here are what led me to go back and update my Android API Levels to the most recent, 8.1
Xamarin.Firebase.Dynamic.Links by Xamarin Inc v60.1142.1 is what you want to install.
The other dependencies should automatically install. In my case, they did not.
Dependency MonoAndroid,Version=v8.0 is important here. That should be the SDK API version that your app is set to compile against.
However, the other dependencies like Xamarin.GooglePlayServices.Basement (= 60.1142.1) have nested dependencies of their own that require MonoAndroid,Version=v8.1
So if you run into issues installing the Dynamic Links Package, that's where I would recommend looking first.
For my purposes, the nested dependencies were not automatically getting installed, so I went down through each of them and their lists and did them all manually. Even the ones that said not to do manually. It's only 20 or so, but my guess would be if I had my project SDK's set to 8.1 before all of this that it would have gone smoothly.
The CODE
Intent Filters
These are defined in your AndroidManifest.xml file
What do they do? They listen for instructions while your app starts.
When an app start matches a pre-defined filter (short link), then it stores your intended action or data on the Intent Class. That is where we pull the deep link from.
For us, this is what lets the android app receive and begin to process the deep link url that you set all the way back in Part 1.
The firebase dynamic link docs have a good breakdown and example of what to do. here
The android developer docs have a good example and breakdown of this also. here
NOTE Focus on what's between the activity tags. I've just included the other tags to show general structure, in case you haven't edited these before.
That is about the minimum of what you need.
The highlighted line should match the Short Dynamic Link you set up in the Firebase Console.
I'd recommend using a Wildcard like I did in the path prefix.
That way you can make new Dynamic Links and your app can handle them without having to release new versions.
Handling the Deep Link
At this point if your app is launched by the short link, you should be able to catch the deep link during the android startup process and handle it how you want.
All I will cover here is a basic example of how to get the Deep Link as a string.
I pass mine to the main app project (.NET Standard Library) using a simple dependency service.
You can use it however you want though, there's actions it can take in either the App or the App.Android project.
The important thing is getting the deep link.
The firebase docs have good examples, but written in java or whatever language native android uses. here
I'll be showing mostly the same, just in C# examples
Get The Intent.
What is the intent you want to get? The deep link you are sending into your app Ex. "https://mycoolapp.com/mainpage"
You want to get it in the MainActivity. Below is an extremely simplified example, but it's just about that easy. Now you should be able to do what you want with that link inside of your app.
TIPS
Be careful if you have something that interrupts your startup procedures.
My Application uses a splash screen. Part of that is a line of code that creates a new Intent, overwriting the one sent in from the dynamic link
So I have my DeepLinkHandler fire off before that operation, and store the deep link in a static string.
Once it's in a static string I can use a dependency service from the Main App(.NET Standard Library) to call the GetDynamicLinkString method and return the deep link as a string.
How to Test Using an Emulator and Debugger
I have a simple settings page on my app. I added a field that would print the deep link, if it has one.
Fire off the emulator like normal using the debugger. The deep link field should be empty.
With the emulator still running, minimize the app.
Open a browser and enter in the short link url.
This should re-launch your app, but this time the deep link field has the url that you set on the firebase console.
Hope this is able to save someone some headaches.
-Tim

Include firestore library in manifest.json

So I've been working on a Google Chrome extension which alters HTML in a list of specific pages. What this means is that I don't have an HTML file to insert the firebase and firestore library urls into, which should then go into the manifest.json file.
After having downloaded the actual library files and added them to the content_scripts, the firestore library seems to be throwing an error which tells me the firestore library file is not UTF-8 encoded. The firebase library itself works perfectly fine but the firestore file won't.
I've tried working around this issue by loading the libraries inside of my background.html and somehow parsing the data I get there to my actual app but this seemed very impractical. There is also not a lot to be found when specifically looking for a combination between firestore and Google Chrome extensions.
UTF-8 Encoding the firestore file with the standard mac-os tools didn't do much for me either, as is suggested by one other issue I found on this matter.
So my question pretty much sums up to: "How do you include the firestore library into a google chrome extension through the manifest.json?".
Haven't found any solution yet, one month later.
