Warnings for dangerous files

Scott Nonnenberg 2018-10-03 18:12:42 -07:00
parent 3b8f934741
commit ca61c9cb85
15 changed files with 232 additions and 13 deletions


@ -108,6 +108,29 @@ exports._replaceUnicodeOrderOverridesSync = attachment => {
exports.replaceUnicodeOrderOverrides = async attachment =>
exports._replaceUnicodeOrderOverridesSync(attachment);
// \u202A-\u202E is LRE, RLE, PDF, LRO, RLO
// \u2066-\u2069 is LRI, RLI, FSI, PDI
// \u200E is LRM
// \u200F is RLM
// \u061C is ALM
const V2_UNWANTED_UNICODE = /[\u202A-\u202E\u2066-\u2069\u200E\u200F\u061C]/g;
exports.replaceUnicodeV2 = async attachment => {
if (!is.string(attachment.fileName)) {
return attachment;
}
const fileName = attachment.fileName.replace(
V2_UNWANTED_UNICODE,
UNICODE_REPLACEMENT_CHARACTER
);
return {
...attachment,
fileName,
};
};
exports.removeSchemaVersion = ({ attachment, logger }) => {
if (!exports.isValid(attachment)) {
logger.error(
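Review bot: `V2_UNWANTED_UNICODE` and `replaceUnicodeV2` have no comment saying why these code points are stripped; the five comment lines above the regex only name them. I would add a line above the constant such as `// Bidi controls can make a file name display in a different order than its stored characters, so the visible extension may not be the real one; each is replaced with UNICODE_REPLACEMENT_CHARACTER.` The set covers directional controls only, so if the dangerous-file warning elsewhere in this commit keys on the extension text (not visible in this hunk), it is worth confirming that the check runs on the name after this replacement and is not thrown off by other invisible format characters. The regex carries the `g` flag at module scope, which is safe with `replace` but becomes stateful if it is later reused with `test` or `exec`.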


@ -44,6 +44,9 @@ const PRIVATE = 'private';
// Version 8
// - Attachments: Capture video/image dimensions and thumbnails, as well as a
// full-size screenshot for video.
// Version 9
// - Attachments: Expand the set of unicode characters we filter out of
// attachment filenames
const INITIAL_SCHEMA_VERSION = 0;
@ -270,6 +273,11 @@ const toVersion8 = exports._withSchemaVersion({
upgrade: exports._mapAttachments(Attachment.captureDimensionsAndScreenshot),
});
const toVersion9 = exports._withSchemaVersion({
schemaVersion: 9,
upgrade: exports._mapAttachments(Attachment.replaceUnicodeV2),
});
const VERSIONS = [
toVersion0,
toVersion1,
@ -280,6 +288,7 @@ const VERSIONS = [
toVersion6,
toVersion7,
toVersion8,
toVersion9,
];
exports.CURRENT_SCHEMA_VERSION = VERSIONS.length - 1;