Don't show aesgcm urls to people

(cherry picked from commit 3d1c7e7e2e72e6e3b2e28be2dd6577595e25978e)
Stephen Paul Weber 2024-02-06 17:09:12 -05:00 committed by 12aw
parent 0e461c28ca
commit e6cdb7c55b
2 changed files with 31 additions and 1 deletions


@ -656,7 +656,10 @@ public class Message extends AbstractEntity implements AvatarService.Avatarable
Pair<StringBuilder, Boolean> result = bodyMinusFallbacks("http://jabber.org/protocol/address", Namespace.OOB);
StringBuilder body = result.first;
if (!result.second && getOob() != null) {
final String aesgcm = MessageUtils.aesgcmDownloadable(body.toString());
if (!result.second && aesgcm != null) {
return body.toString().replace(aesgcm, "");
} else if (!result.second && getOob() != null) {
return body.toString().replace(getOob().toString(), "");
} else if (!result.second && isGeoUri()) {
return "";
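Review bot: When the body is an aesgcm URL followed by a `data:` line, `aesgcmDownloadable` returns only `lines[0]`, so `body.toString().replace(aesgcm, "")` leaves the newline and the whole `data:` URI in the string returned for display. Since a non-null result means the body holds nothing but the URL and that optional second line, the branch could return an empty string instead: `if (!result.second && aesgcm != null) { return ""; }`. The helper is also called before `result.second` is checked, so the body is parsed even when the result is discarded. The enclosing method starts and ends outside this hunk, so any trimming done later is not visible here.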


@ -107,6 +107,33 @@ public class MessageUtils {
return validAesGcm || validOob;
}
public static String aesgcmDownloadable(final String body) {
final String[] lines = body.split("\n");
if (lines.length == 0) {
return null;
}
for (final String line : lines) {
if (line.contains("\\s+")) {
return null;
}
}
final URI uri;
try {
uri = new URI(lines[0]);
} catch (final URISyntaxException e) {
return null;
}
if (!URL.WELL_KNOWN_SCHEMES.contains(uri.getScheme())) {
return null;
}
final String ref = uri.getFragment();
final String protocol = uri.getScheme();
final boolean encrypted = ref != null && AesGcmURL.IV_KEY.matcher(ref).matches();
final boolean followedByDataUri = lines.length == 2 && lines[1].startsWith("data:");
final boolean validAesGcm = AesGcmURL.PROTOCOL_NAME.equalsIgnoreCase(protocol) && encrypted && (lines.length == 1 || followedByDataUri);
return validAesGcm ? lines[0] : null;
}
public static String filterLtrRtl(String body) {
return LTR_RTL.matcher(body).replaceFirst(EMPTY_STRING);
}
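Review bot: In `aesgcmDownloadable`, `line.contains("\\s+")` is a literal substring test rather than a regex match, so it never rejects whitespace; it only matches the three characters backslash, `s`, `+`. The first line is still covered because `new URI(lines[0])` throws on spaces, but a second `data:` line containing whitespace passes the loop. If the intent is to reject any whitespace, use a real match such as `if (Pattern.compile("\\s").matcher(line).find()) {`, ideally with the pattern hoisted into a `static final` field. The new method also has no Javadoc; a short one stating that it returns the URL line to hide from display, or `null` when the body is not a lone aesgcm link, would help, since the fragment matched by `AesGcmURL.IV_KEY` is presumably the key material this commit is keeping off screen.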