CB-7940 Disable exec bridge if bridgeSecret is wrong

commit: db508a2ce804747b783b5ae200525bf2ffd7fe02 [log] [tgz]
author: Andrew Grieve <agrieve@chromium.org> Tue Nov 04 15:57:51 2014 -0500
committer: Ajitha <ajithas@amazon.com> Mon Nov 17 00:33:41 2014 +0530
tree: ea22e3c242dc081faa4f872a6cec15cf2116bc1e
parent: 95d8067036686d6d07a4d7793cbc8f9ff8a68fc4 [diff]
diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java
index f3e48b6..becbd52 100644
--- a/framework/src/org/apache/cordova/CordovaBridge.java
+++ b/framework/src/org/apache/cordova/CordovaBridge.java

@@ -99,6 +99,8 @@
         }
         // Bridge secret wrong and bridge not due to it being from the previous page.
         if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) {
+            Log.e(LOG_TAG, "Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!");
+            clearBridgeSecret();
             throw new IllegalAccessException();
         }
         return true;
commit	db508a2ce804747b783b5ae200525bf2ffd7fe02	[log] [tgz]
author	Andrew Grieve <agrieve@chromium.org>	Tue Nov 04 15:57:51 2014 -0500
committer	Ajitha <ajithas@amazon.com>	Mon Nov 17 00:33:41 2014 +0530
tree	ea22e3c242dc081faa4f872a6cec15cf2116bc1e
parent	95d8067036686d6d07a4d7793cbc8f9ff8a68fc4 [diff]