Missing response content validation after performing network operation

[amazuerar]

Dear Developer!

My name is Alejandro Mazuera-Rozo, I am a PhD Student at Universidad de los Andes, and at Università della Svizzera italiana. I am part of a research on the usage of network libraries within Android apps. As result of this we identified some code locations that might have network related problems.

In this case, we address the code locations that are related to a potential issue concerning a missing validation of the response content against expected values. It would be a good practice to validate whether external server’s responses are correct, use validation rules.

In order to address this issue we recommend you to visit:

1. https://developer.android.com/training/volley/requestqueue

Potential Code Location missing Response Content validation

1. When a new request is being added to the Volley queue:

stately/Stately/app/src/main/java/com/lloydtorres/stately/census/TrendsActivity.java

Line 274 in 1992d85

if (!DashHelper.getInstance(this).addRequest(stringRequest)) {

2. There is no validation when assigning response inside the onResponse() method
   

   stately/Stately/app/src/main/java/com/lloydtorres/stately/census/TrendsActivity.java

   Lines 227 to 236 in 1992d85

   	NSStringRequest stringRequest = new NSStringRequest(getApplicationContext(),
   	Request.Method.GET, targetURL,
   	new Response.Listener<String>() {
   	CensusHistory censusResponse = null;
   	@Override
   	public void onResponse(String response) {
   	Persister serializer = new Persister();
   	try {
   	censusResponse = serializer.read(CensusHistory.class, response);