From 5f7394a8e58bdfee26f50185c48dd2ce33d4289f Mon Sep 17 00:00:00 2001
From: Pawel Zak <pawelzak.dev@gmail.com>
Date: Tue, 23 Jul 2024 21:07:01 +0200
Subject: [PATCH] fix: PRODUCT-20664 protection against malicious intent

---
 rampsdk/build.gradle                          |  6 ++---
 .../sdk/ui/activity/RampWidgetActivity.kt     | 22 ++++++++++---------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/rampsdk/build.gradle b/rampsdk/build.gradle
index 591a242..2f11ea0 100644
--- a/rampsdk/build.gradle
+++ b/rampsdk/build.gradle
@@ -22,8 +22,8 @@ android {
     defaultConfig {
         minSdkVersion 21
         targetSdkVersion 32
-        versionCode 19
-        versionName "4.0.0"
+        versionCode 20
+        versionName "4.0.1"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
         consumerProguardFiles 'consumer-rules.pro'
         buildConfigField 'String', 'VERSION',  "\"${defaultConfig.versionName}\""
@@ -84,7 +84,7 @@ afterEvaluate {
                 from components.release
                 groupId = 'com.github.RampNetwork'
                 artifactId = 'ramp-sdk-android'
-                version = '4.0.0'
+                version = '4.0.1'
             }
         }
     }
diff --git a/rampsdk/src/main/java/network/ramp/sdk/ui/activity/RampWidgetActivity.kt b/rampsdk/src/main/java/network/ramp/sdk/ui/activity/RampWidgetActivity.kt
index d40f634..85e26bc 100644
--- a/rampsdk/src/main/java/network/ramp/sdk/ui/activity/RampWidgetActivity.kt
+++ b/rampsdk/src/main/java/network/ramp/sdk/ui/activity/RampWidgetActivity.kt
@@ -1,7 +1,6 @@
 package network.ramp.sdk.ui.activity
 
 
-import android.app.Activity
 import android.content.Intent
 import android.content.pm.PackageManager
 import android.net.Uri
@@ -65,15 +64,18 @@ internal class RampWidgetActivity : AppCompatActivity(), Contract.View {
             jsInterface = jsInterface,
             fileChooserLauncher = fileChooserLauncher
         ) { filePathCallback = it }
-        intent.extras?.getParcelable<Config>(CONFIG_EXTRA)?.let {
-            config = it
-        } ?: returnOnError("Config object cannot be null")
-
-        if (savedInstanceState == null) {
-            Timber.d(rampPresenter.buildUrl(config))
-            securityCheck(intent)?.let {
-                binding.webView.loadUrl(it)
-            } ?: close()
+        try {
+            intent.extras?.getParcelable<Config>(CONFIG_EXTRA)?.let {
+                config = it
+            } ?: returnOnError("Config object cannot be null")
+            if (savedInstanceState == null) {
+                Timber.d(rampPresenter.buildUrl(config))
+                securityCheck(intent)?.let {
+                    binding.webView.loadUrl(it)
+                } ?: close()
+            }
+        } catch (ex: Exception) {
+            returnOnError(ex.message ?: "Exception during retrieving intent data")
         }
     }