Merge pull request #12643 from nextcloud/revert-12577-fix/internal-fi…
…le-exfiltration

Revert "Fix Path Traversal To Internal File ExFiltration"
tobiasKaminsky authored Mar 4, 2024
2 parents c2d8c02 + 6e340cd commit 9191ec0
Showing 2 changed files with 2 additions and 14 deletions.
@@ -5,14 +5,11 @@ import androidx.test.core.app.launchActivity
import com.nextcloud.client.jobs.upload.FileUploadWorker
import com.nextcloud.test.TestActivity
import com.owncloud.android.AbstractIT
import com.owncloud.android.lib.common.utils.Log_OC
import org.junit.Assert
import org.junit.Test

class UriUploaderIT : AbstractIT() {

private val tag = "UriUploaderIT"

@Test
fun testUploadPrivatePathSharedPreferences() {
launchActivity<TestActivity>().use { scenario ->
@@ -46,9 +43,6 @@ class UriUploaderIT : AbstractIT() {
null
)
val uploadResult = sut.uploadUris()

Log_OC.d(tag, "Upload Result: ${uploadResult.name}")

Assert.assertEquals(
"Wrong result code",
UriUploader.UriUploaderResultCode.ERROR_SENSITIVE_PATH,
10 changes: 2 additions & 8 deletions app/src/main/java/com/owncloud/android/ui/helpers/UriUploader.kt
@@ -20,8 +20,6 @@
package com.owncloud.android.ui.helpers

import android.content.ContentResolver
import android.content.Context
import android.content.pm.ProviderInfo
import android.net.Uri
import android.os.Parcelable
import com.nextcloud.client.account.User
@@ -72,7 +70,7 @@ class UriUploader(
try {
val anySensitiveUri = mUrisToUpload
.filterNotNull()
.any { belongsToCurrentApplication(mActivity, it as Uri) }
.any { isSensitiveUri((it as Uri)) }
if (anySensitiveUri) {
Log_OC.e(TAG, "Sensitive URI detected, aborting upload.")
code = UriUploaderResultCode.ERROR_SENSITIVE_PATH
@@ -113,11 +111,7 @@ class UriUploader(
return mUploadPath + displayName
}

private fun belongsToCurrentApplication(ctx: Context, uri: Uri): Boolean {
val authority: String = uri.authority.toString()
val info: ProviderInfo = ctx.packageManager.resolveContentProvider(authority, 0) ?: return true
return ctx.packageName.equals(info.packageName)
}
private fun isSensitiveUri(uri: Uri): Boolean = uri.toString().contains(mActivity.packageName)

/**
* Requests the upload of a file in the local file system to [FileUploadHelper] service.
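Review bot: `isSensitiveUri`, restored in the last hunk and called from the `.any { ... }` guard in the second, matches the package name against the raw `uri.toString()`, so the `ERROR_SENSITIVE_PATH` decision depends on how the URI is spelled rather than on what it resolves to. A `file` URI that reaches app-private storage through encoded characters, relative segments or a link need not contain the package name literally, and a `content` authority owned by this app is only caught if it happens to embed the package name; conversely an unrelated file whose name contains the package name is refused. I would decide on resolved values per scheme, as sketched below: the canonical path for `file`, the provider's owning package for `content`, and the current substring test as the fallback. `canonicalPath` can throw `IOException`, and the `try` around the guard starts outside the hunk, so confirm it is caught there. The rest of `UriUploader` lies outside the hunks shown.

```kotlin
private fun isSensitiveUri(uri: Uri): Boolean = when (uri.scheme) {
    // Compare the resolved location, not the spelling of the URI.
    ContentResolver.SCHEME_FILE -> {
        val path = uri.path ?: return true
        java.io.File(path).canonicalPath.contains(mActivity.packageName)
    }
    // Only a provider that resolves to this package counts as internal.
    ContentResolver.SCHEME_CONTENT ->
        uri.authority
            ?.let { mActivity.packageManager.resolveContentProvider(it, 0) }
            ?.packageName == mActivity.packageName
    // … unchanged: substring test for any other scheme …
    else -> uri.toString().contains(mActivity.packageName)
}
```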
