From 720fb664de02ab4d569f8675f8322d7323a3be4e Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Fri, 19 Aug 2022 09:27:19 -0700 Subject: [PATCH] Add additional checks around file download directories --- .../filesharing/filesharing_functionality.go | 19 ++++++++++++++++++- .../file_sharing_integration_test.go | 18 +++++++++++++++++- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/functionality/filesharing/filesharing_functionality.go b/functionality/filesharing/filesharing_functionality.go index d69f9ab..a6b778e 100644 --- a/functionality/filesharing/filesharing_functionality.go +++ b/functionality/filesharing/filesharing_functionality.go @@ -74,7 +74,22 @@ func (om *OverlayMessage) ShouldAutoDL() bool { // DownloadFile given a profile, a conversation handle and a file sharing key, start off a download process // to downloadFilePath -func (f *Functionality) DownloadFile(profile peer.CwtchPeer, conversationID int, downloadFilePath string, manifestFilePath string, key string, limit uint64) { +func (f *Functionality) DownloadFile(profile peer.CwtchPeer, conversationID int, downloadFilePath string, manifestFilePath string, key string, limit uint64) error { + + // Don't download files if the download or manifest path is not set + if downloadFilePath == "" || manifestFilePath == "" { + return errors.New("download path or manifest path is empty") + } + + // Don't download files if the download file directory does not exist + if _, err := os.Stat(path.Dir(downloadFilePath)); os.IsNotExist(err) { + return errors.New("download directory does not exist") + } + + // Don't download files if the manifest file directory does not exist + if _, err := os.Stat(path.Dir(manifestFilePath)); os.IsNotExist(err) { + return errors.New("manifest directory does not exist") + } // Store local.filesharing.filekey.manifest as the location of the manifest profile.SetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.manifest", key), manifestFilePath) @@ -87,6 +102,8 @@ func (f *Functionality) DownloadFile(profile peer.CwtchPeer, conversationID int, // Get the value of conversation.filesharing.filekey.manifest.size from `handle` profile.SendScopedZonedGetValToContact(conversationID, attr.ConversationScope, attr.FilesharingZone, fmt.Sprintf("%s.manifest.size", key)) + + return nil } // RestartFileShare takes in an existing filekey and, assuming the manifest exists, restarts sharing of the manifest diff --git a/testing/filesharing/file_sharing_integration_test.go b/testing/filesharing/file_sharing_integration_test.go index 8770d5c..e0570cc 100644 --- a/testing/filesharing/file_sharing_integration_test.go +++ b/testing/filesharing/file_sharing_integration_test.go @@ -192,7 +192,23 @@ func testBobDownloadFile(t *testing.T, bob peer.CwtchPeer, filesharingFunctional err := json.Unmarshal([]byte(messageWrapper.Data), &fileMessageOverlay) if err == nil { - filesharingFunctionality.DownloadFile(bob, 1, "cwtch.out.png", "cwtch.out.png.manifest", fmt.Sprintf("%s.%s", fileMessageOverlay.Hash, fileMessageOverlay.Nonce), constants.ImagePreviewMaxSizeInBytes) + + // try downloading with invalid download dir + err = filesharingFunctionality.DownloadFile(bob, 1, "/do/not/download/this/file/cwtch.out.png", "./cwtch.out.png.manifest", fmt.Sprintf("%s.%s", fileMessageOverlay.Hash, fileMessageOverlay.Nonce), constants.ImagePreviewMaxSizeInBytes) + if err == nil { + t.Fatalf("should not download file with invalid download dir") + } + + // try downloading with invalid manifest dir + err = filesharingFunctionality.DownloadFile(bob, 1, "./cwtch.out.png", "/do/not/download/this/file/cwtch.out.png.manifest", fmt.Sprintf("%s.%s", fileMessageOverlay.Hash, fileMessageOverlay.Nonce), constants.ImagePreviewMaxSizeInBytes) + if err == nil { + t.Fatalf("should not download file with invalid manifest dir") + } + + err = filesharingFunctionality.DownloadFile(bob, 1, "./cwtch.out.png", "./cwtch.out.png.manifest", fmt.Sprintf("%s.%s", fileMessageOverlay.Hash, fileMessageOverlay.Nonce), constants.ImagePreviewMaxSizeInBytes) + if err != nil { + t.Fatalf("could not download file: %v", err) + } } }