Warnings for dangerous files

2018-10-03 18:12:42 -07:00 · 2018-10-03 18:12:42 -07:00 · ca61c9cb85
commit ca61c9cb85
parent 3b8f934741
15 changed files with 232 additions and 13 deletions
--- a/js/modules/types/attachment.js
+++ b/js/modules/types/attachment.js
@ -108,6 +108,29 @@ exports._replaceUnicodeOrderOverridesSync = attachment => {
 exports.replaceUnicodeOrderOverrides = async attachment =>
  exports._replaceUnicodeOrderOverridesSync(attachment);

+// \u202A-\u202E is LRE, RLE, PDF, LRO, RLO
+// \u2066-\u2069 is LRI, RLI, FSI, PDI
+// \u200E is LRM
+// \u200F is RLM
+// \u061C is ALM
+const V2_UNWANTED_UNICODE = /[\u202A-\u202E\u2066-\u2069\u200E\u200F\u061C]/g;
+
+exports.replaceUnicodeV2 = async attachment => {
+  if (!is.string(attachment.fileName)) {
+    return attachment;
+  }
+
+  const fileName = attachment.fileName.replace(
+    V2_UNWANTED_UNICODE,
+    UNICODE_REPLACEMENT_CHARACTER
+  );
+
+  return {
+    ...attachment,
+    fileName,
+  };
+};
+
 exports.removeSchemaVersion = ({ attachment, logger }) => {
  if (!exports.isValid(attachment)) {
    logger.error(
--- a/js/modules/types/message.js
+++ b/js/modules/types/message.js
@ -44,6 +44,9 @@ const PRIVATE = 'private';
 // Version 8
 //   - Attachments: Capture video/image dimensions and thumbnails, as well as a
 //       full-size screenshot for video.
+// Version 9
+//   - Attachments: Expand the set of unicode characters we filter out of
+//     attachment filenames

 const INITIAL_SCHEMA_VERSION = 0;

@ -270,6 +273,11 @@ const toVersion8 = exports._withSchemaVersion({
  upgrade: exports._mapAttachments(Attachment.captureDimensionsAndScreenshot),
 });

+const toVersion9 = exports._withSchemaVersion({
+  schemaVersion: 9,
+  upgrade: exports._mapAttachments(Attachment.replaceUnicodeV2),
+});
+
 const VERSIONS = [
  toVersion0,
  toVersion1,
@ -280,6 +288,7 @@ const VERSIONS = [
  toVersion6,
  toVersion7,
  toVersion8,
+  toVersion9,
 ];
 exports.CURRENT_SCHEMA_VERSION = VERSIONS.length - 1;