Google Play Store security alert says that your app contains vulnerable JavaScript libraries: how to remove the security warning?


Problem description

In the Google Play Store I am getting a warning like the one below:

Your app contains one or more libraries with known security issues. Please see this Google Help Center article for details.

Vulnerable JavaScript libraries:

  • Name -> jquery
  • Version -> 3.3.1
  • Known issues -> SNYK-JS-JQUERY-174006
  • Identified files -> res/raw/jquery_min.js

Note: when loading the WebView in my app I InterceptRequest on the WebView URL and load the local jquery_min.js file from the raw resource folder, which helps the web page load faster, and I save 5 GB of download from the server per month.

Sample WebView Program

    LoadLocalScripts localScripts = new LoadLocalScripts(this);
    webView.setWebViewClient(new WebViewClient() {

        @Override
        public boolean shouldOverrideUrlLoading(WebView view, String url) {
            return true;
        }

        // Show loader on url load
        @Override
        public void onLoadResource(WebView view, String url) {
        }

        @Override
        public void onPageFinished(WebView view, String url) {
        }

        @Override
        public void onReceivedError(WebView view, int errorCode, String description, String failingUrl) {
        }

        // Serve a bundled copy when one exists, otherwise fall back to the network
        @Override
        public WebResourceResponse shouldInterceptRequest(final WebView view, String url) {
            WebResourceResponse response = localScripts.getLocalSCripts(url);
            if (response == null) {
                return super.shouldInterceptRequest(view, url);
            } else {
                return response;
            }
        }
    });

    webView.loadUrl(url);

Class for loading local scripts

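import android.content.Context;
import android.webkit.WebResourceResponse;
import java.io.InputStream;

public class LoadLocalScripts {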
    private Context ctx;

    public LoadLocalScripts(Context context) {
        ctx=context;
    }

    // Map a requested URL to a bundled raw resource; returns null when there is no local copy
    public WebResourceResponse getLocalSCripts(String url)
    {
        //Log.e("url_raw",url);

        if (url.contains(".css")) {
            if(url.contains("bootstrap.min.css")) {
                return getCssWebResourceResponseFromRawResource("bootstrap_min.css");
            }else {
                return null;
            }
        } else if (url.contains(".js")) {
            if (url.contains("bootstrap.min.js")) {
                return getScriptWebResourceResponseFromRawResource("bootstrap_min.js");
            } else if (url.contains("jquery.lazyload.min.js")) {
                return getScriptWebResourceResponseFromRawResource("lazyload_min.js");
            } else {
                return null;
            }
        } else {
            return null;
        }
    }


    /**
     * Return WebResourceResponse with CSS markup from a raw resource (e.g. "raw/style.css").
     */
    private WebResourceResponse getCssWebResourceResponseFromRawResource(String url) {

        //Log.e("url_raw",url);
        if(url.equalsIgnoreCase("bootstrap_min.css")) {
            return getUtf8EncodedCssWebResourceResponse(ctx.getResources().openRawResource(R.raw.bootstrap_min));
        }else {
            return null;
        }
    }

    private WebResourceResponse getScriptWebResourceResponseFromRawResource(String url) {

        //Log.e("url_raw",url);
        if(url.equalsIgnoreCase("bootstrap_min.js")) {
            return getUtf8EncodedScriptWebResourceResponse(ctx.getResources().openRawResource(R.raw.bootstrap_min_js));
        }else if(url.equalsIgnoreCase("lazyload_min.js")) {
            return getUtf8EncodedScriptWebResourceResponse(ctx.getResources().openRawResource(R.raw.lazyload_min));
        }else {
            return null;
        }
    }


    private WebResourceResponse getUtf8EncodedCssWebResourceResponse(InputStream data) {
        return new WebResourceResponse("text/css", "UTF-8", data);
    }

    private WebResourceResponse getUtf8EncodedScriptWebResourceResponse(InputStream data) {
        return new WebResourceResponse("text/javascript", "UTF-8", data);
    }
}

  1. If I update to a new jQuery script, will Google Play remove the security alert (Vulnerable JavaScript libraries)?
  2. If I place the jQuery script somewhere else in my app, will Google Play remove the security alert?
  3. Let me know what is an efficient way of loading the script in the WebView without loading it every time from the server.

Recommended answer

This issue refers to an old vulnerability of jquery from your res/raw/jquery_min.js file.

Just update jquery_min.js to v3.4.1 and that fixes it.

You can fix it manually by changing the code in your file:

From:

if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)||

To:

if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(k.isPlainObject(r)||

I found this at https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ and it worked for me.
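
What the `"__proto__"!==t` check in the patched line prevents, as an added example that is not part of the original answer and not jQuery's own source. `makeDeepExtend` is a simplified stand-in for jQuery's deep extend; `pollutesPrototype` and the marker name are hypothetical helpers constructed here.

```javascript
// Simplified model of a recursive (deep) extend. With guardProto=false it
// mirrors the unpatched line above; with guardProto=true it mirrors the fix.
function makeDeepExtend(guardProto) {
  return function deepExtend(target, source) {
    for (const key in source) {
      // The fix: never copy or recurse into the "__proto__" key.
      if (guardProto && key === "__proto__") continue;
      const src = source[key];
      if (src && typeof src === "object" && !Array.isArray(src)) {
        // target["__proto__"] resolves to Object.prototype, so without the
        // guard the recursion writes the source's keys onto every object.
        const base = target[key] && typeof target[key] === "object" ? target[key] : {};
        target[key] = deepExtend(base, src);
      } else if (src !== undefined) {
        target[key] = src;
      }
    }
    return target;
  };
}

// Regression check: does extend(target, source) let a "__proto__" key from
// parsed JSON reach Object.prototype? Always cleans up the marker afterwards.
function pollutesPrototype(extend) {
  const marker = "__pp_check__"; // constructed marker name
  const untrusted = JSON.parse('{"__proto__": {"' + marker + '": true}}');
  try {
    extend({}, untrusted);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker];
  }
}

const unpatchedExtend = makeDeepExtend(false);
const patchedExtend = makeDeepExtend(true);
```

To run the same check against the jQuery file actually bundled in the app, pass `(t, s) => jQuery.extend(true, t, s)` to `pollutesPrototype` in a page that loads it.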
