Revert "Fix Path Traversal To Internal File ExFiltration"

2024-11-26 23:28:42 +03:00 · 2024-03-04 11:47:17 +01:00 · 2024-03-04 11:47:17 +01:00 · 6e340cdd2a
commit 6e340cdd2a
parent c2d8c02de3
2 changed files with 2 additions and 14 deletions
--- a/app/src/androidTest/java/com/owncloud/android/ui/helpers/UriUploaderIT.kt
+++ b/app/src/androidTest/java/com/owncloud/android/ui/helpers/UriUploaderIT.kt
@ -5,14 +5,11 @@ import androidx.test.core.app.launchActivity
 import com.nextcloud.client.jobs.upload.FileUploadWorker
 import com.nextcloud.test.TestActivity
 import com.owncloud.android.AbstractIT
-import com.owncloud.android.lib.common.utils.Log_OC
 import org.junit.Assert
 import org.junit.Test

 class UriUploaderIT : AbstractIT() {

-    private val tag = "UriUploaderIT"
-
    @Test
    fun testUploadPrivatePathSharedPreferences() {
        launchActivity<TestActivity>().use { scenario ->
@ -46,9 +43,6 @@ class UriUploaderIT : AbstractIT() {
            null
        )
        val uploadResult = sut.uploadUris()
-
-        Log_OC.d(tag, "Upload Result: ${uploadResult.name}")
-
        Assert.assertEquals(
            "Wrong result code",
            UriUploader.UriUploaderResultCode.ERROR_SENSITIVE_PATH,
--- a/app/src/main/java/com/owncloud/android/ui/helpers/UriUploader.kt
+++ b/app/src/main/java/com/owncloud/android/ui/helpers/UriUploader.kt
@ -20,8 +20,6 @@
 package com.owncloud.android.ui.helpers

 import android.content.ContentResolver
-import android.content.Context
-import android.content.pm.ProviderInfo
 import android.net.Uri
 import android.os.Parcelable
 import com.nextcloud.client.account.User
@ -72,7 +70,7 @@ class UriUploader(
        try {
            val anySensitiveUri = mUrisToUpload
                .filterNotNull()
-                .any { belongsToCurrentApplication(mActivity, it as Uri) }
+                .any { isSensitiveUri((it as Uri)) }
            if (anySensitiveUri) {
                Log_OC.e(TAG, "Sensitive URI detected, aborting upload.")
                code = UriUploaderResultCode.ERROR_SENSITIVE_PATH
@ -113,11 +111,7 @@ class UriUploader(
        return mUploadPath + displayName
    }

-    private fun belongsToCurrentApplication(ctx: Context, uri: Uri): Boolean {
-        val authority: String = uri.authority.toString()
-        val info: ProviderInfo = ctx.packageManager.resolveContentProvider(authority, 0) ?: return true
-        return ctx.packageName.equals(info.packageName)
-    }
+    private fun isSensitiveUri(uri: Uri): Boolean = uri.toString().contains(mActivity.packageName)

    /**
     * Requests the upload of a file in the local file system to [FileUploadHelper] service.