Add safeguard to block malicious use of removeFolder/removeDataset

opengisch · Jan 23, 2025 · 79f03a6 · 79f03a6
1 parent 02c4244
commit 79f03a6
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 20 deletions.
diff --git a/src/core/platforms/android/androidplatformutilities.cpp b/src/core/platforms/android/androidplatformutilities.cpp
@@ -287,16 +287,29 @@ void AndroidPlatformUtilities::exportDatasetTo( const QString &path ) const
 
 void AndroidPlatformUtilities::removeDataset( const QString &path ) const
 {
-  if ( mActivity.isValid() )
+  bool allowed = false;
+  const QStringList allowedDirectories = QStringList() << applicationDirectory() << additionalApplicationDirectories();
+  for ( const QString &directory : allowedDirectories )
   {
-    runOnAndroidMainThread( [path] {
-      auto activity = qtAndroidContext();
-      if ( activity.isValid() )
-      {
-        QJniObject pathJni = QJniObject::fromString( path );
-        activity.callMethod<void>( "removeDataset", "(Ljava/lang/String;)V", pathJni.object<jstring>() );
-      }
-    } );
+    if ( path.startsWith( directory ) )
+    {
+      allowed = true;
+      break;
+    }
+  }
+  if ( allowed )
+  {
+    if ( mActivity.isValid() )
+    {
+      runOnAndroidMainThread( [path] {
+        auto activity = qtAndroidContext();
+        if ( activity.isValid() )
+        {
+          QJniObject pathJni = QJniObject::fromString( path );
+          activity.callMethod<void>( "removeDataset", "(Ljava/lang/String;)V", pathJni.object<jstring>() );
+        }
+      } );
+    }
   }
 }
 
@@ -332,16 +345,29 @@ void AndroidPlatformUtilities::sendCompressedFolderTo( const QString &path ) con
 
 void AndroidPlatformUtilities::removeFolder( const QString &path ) const
 {
-  if ( mActivity.isValid() )
+  bool allowed = false;
+  const QStringList allowedDirectories = QStringList() << applicationDirectory() << additionalApplicationDirectories();
+  for ( const QString &directory : allowedDirectories )
   {
-    runOnAndroidMainThread( [path] {
-      auto activity = qtAndroidContext();
-      if ( activity.isValid() )
-      {
-        QJniObject pathJni = QJniObject::fromString( path );
-        activity.callMethod<void>( "removeProjectFolder", "(Ljava/lang/String;)V", pathJni.object<jstring>() );
-      }
-    } );
+    if ( path.startsWith( directory ) )
+    {
+      allowed = true;
+      break;
+    }
+  }
+  if ( allowed )
+  {
+    if ( mActivity.isValid() )
+    {
+      runOnAndroidMainThread( [path] {
+        auto activity = qtAndroidContext();
+        if ( activity.isValid() )
+        {
+          QJniObject pathJni = QJniObject::fromString( path );
+          activity.callMethod<void>( "removeProjectFolder", "(Ljava/lang/String;)V", pathJni.object<jstring>() );
+        }
+      } );
+    }
   }
 }
 

diff --git a/src/core/platforms/platformutilities.cpp b/src/core/platforms/platformutilities.cpp
@@ -274,12 +274,38 @@ void PlatformUtilities::sendCompressedFolderTo( const QString &path ) const
 
 void PlatformUtilities::removeDataset( const QString &path ) const
 {
-  QFile::moveToTrash( path );
+  bool allowed = false;
+  const QStringList allowedDirectories = QStringList() << applicationDirectory() << additionalApplicationDirectories();
+  for ( const QString &directory : allowedDirectories )
+  {
+    if ( path.startsWith( directory ) )
+    {
+      allowed = true;
+      break;
+    }
+  }
+  if ( allowed )
+  {
+    QFile::moveToTrash( path );
+  }
 }
 
 void PlatformUtilities::removeFolder( const QString &path ) const
 {
-  QFile::moveToTrash( path );
+  bool allowed = false;
+  const QStringList allowedDirectories = QStringList() << applicationDirectory() << additionalApplicationDirectories();
+  for ( const QString &directory : allowedDirectories )
+  {
+    if ( path.startsWith( directory ) )
+    {
+      allowed = true;
+      break;
+    }
+  }
+  if ( allowed )
+  {
+    QFile::moveToTrash( path );
+  }
 }
 
 ResourceSource *PlatformUtilities::getCameraPicture( const QString &, const QString &, const QString &, QObject * )