cool#9219 clipboard: only accept downloaded data in own format
Signed-off-by: Miklos Vajna <vmiklos@collabora.com> Change-Id: If11229b713174a6c3d1a9794281858d6a8f64294
This commit is contained in:
Miklos Vajna
Caolán McNamara
parent
405272ceef
commit
37062207bf
3 changed files with 68 additions and 3 deletions
|
|
@ -32,6 +32,36 @@ struct ClipboardData
|
|||
{
|
||||
}
|
||||
|
||||
/// Determines if inStream is a list of mimetype-length-bytes tuples, as expected.
|
||||
static bool isOwnFormat(std::istream& inStream)
|
||||
{
|
||||
if (inStream.eof())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
std::string mime, hexLen;
|
||||
std::getline(inStream, mime, '\n');
|
||||
if (mime.empty())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
std::getline(inStream, hexLen, '\n');
|
||||
if (hexLen.empty())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
uint64_t len = strtoll(hexLen.c_str(), nullptr, 16);
|
||||
if (len == 0)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void read(std::istream& inStream)
|
||||
{
|
||||
while (!inStream.eof())
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@
|
|||
|
||||
#include <string>
|
||||
|
||||
#include <common/Clipboard.hpp>
|
||||
#include <net/HttpRequest.hpp>
|
||||
|
||||
#include <test/lokassert.hpp>
|
||||
|
|
@ -36,6 +37,7 @@ class HttpWhiteBoxTests : public CPPUNIT_NS::TestFixture
|
|||
|
||||
CPPUNIT_TEST(testRequestParserValidComplete);
|
||||
CPPUNIT_TEST(testRequestParserValidIncomplete);
|
||||
CPPUNIT_TEST(testClipboardIsOwnFormat);
|
||||
|
||||
CPPUNIT_TEST_SUITE_END();
|
||||
|
||||
|
|
@ -46,6 +48,7 @@ class HttpWhiteBoxTests : public CPPUNIT_NS::TestFixture
|
|||
void testHeader();
|
||||
void testRequestParserValidComplete();
|
||||
void testRequestParserValidIncomplete();
|
||||
void testClipboardIsOwnFormat();
|
||||
};
|
||||
|
||||
void HttpWhiteBoxTests::testStatusLineParserValidComplete()
|
||||
|
|
@ -226,6 +229,29 @@ void HttpWhiteBoxTests::testRequestParserValidIncomplete()
|
|||
LOK_ASSERT_EQUAL(expHost, req.header().get("Host"));
|
||||
}
|
||||
|
||||
void HttpWhiteBoxTests::testClipboardIsOwnFormat()
|
||||
{
|
||||
constexpr auto testname = __func__;
|
||||
{
|
||||
std::string body = R"x(application/x-openoffice-embed-source-xml;windows_formatname="Star Embed Source (XML)"
|
||||
1def
|
||||
PK)x";
|
||||
std::istringstream stream(body);
|
||||
|
||||
LOK_ASSERT_EQUAL(ClipboardData::isOwnFormat(stream), true);
|
||||
}
|
||||
{
|
||||
std::string body = R"(<!DOCTYPE html>
|
||||
<html>
|
||||
<head>)";
|
||||
std::istringstream stream(body);
|
||||
|
||||
// This is expected to fail: format is mimetype-length-bytes tuples and here the second line
|
||||
// is not a hex size.
|
||||
LOK_ASSERT_EQUAL(ClipboardData::isOwnFormat(stream), false);
|
||||
}
|
||||
}
|
||||
|
||||
CPPUNIT_TEST_SUITE_REGISTRATION(HttpWhiteBoxTests);
|
||||
|
||||
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||
|
|
|
|||
|
|
@ -343,9 +343,18 @@ void ClientSession::handleClipboardRequest(DocumentBroker::ClipboardRequest
|
|||
}
|
||||
|
||||
std::string body = httpResponse->getBody();
|
||||
docBroker->forwardToChild(client_from_this(), "setclipboard\n" + body,
|
||||
true);
|
||||
docBroker->forwardToChild(client_from_this(), "uno " + commandName);
|
||||
std::istringstream stream(body);
|
||||
if (ClipboardData::isOwnFormat(stream))
|
||||
{
|
||||
docBroker->forwardToChild(client_from_this(), "setclipboard\n" + body,
|
||||
true);
|
||||
docBroker->forwardToChild(client_from_this(), "uno " + commandName);
|
||||
}
|
||||
else
|
||||
{
|
||||
LOG_ERR("Clipboard download: unexpected data format");
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
std::shared_ptr<http::Session> httpSession = http::Session::create(url);
|
||||
|
|
|
|||
Loading…
Reference in a new issue