From 4be9bd83bfdcaf3f488fcdc5bbe87d423e679152 Mon Sep 17 00:00:00 2001 From: Adrian Malacoda Date: Fri, 30 Oct 2020 04:55:17 -0500 Subject: [PATCH] android: implement better mechanism for generating filename from file uri, using jodd to map mime type to extension and using the file's extension if it has one (sometimes it does not) note that blindly trusting the name/extension of the file has security ramifications if you don't know what you are doing (and even if the extension is correct, e.g. if you upload a php file to a php enabled server). It is expected you know what you are doing since you have full control of the server. --- android/pom.xml | 5 ++ .../java/net/monarchpass/piecannon/Send.java | 59 +++++++++++-------- 2 files changed, 38 insertions(+), 26 deletions(-) diff --git a/android/pom.xml b/android/pom.xml index 7abe07d..3ae5b77 100644 --- a/android/pom.xml +++ b/android/pom.xml @@ -29,6 +29,11 @@ jsch 0.1.55 + + org.jodd + jodd-util + 6.0.0 + com.google.code.gson gson diff --git a/android/src/main/java/net/monarchpass/piecannon/Send.java b/android/src/main/java/net/monarchpass/piecannon/Send.java index 6e2d544..e7a1323 100644 --- a/android/src/main/java/net/monarchpass/piecannon/Send.java +++ b/android/src/main/java/net/monarchpass/piecannon/Send.java @@ -18,6 +18,8 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.ExecutionException; +import jodd.net.MimeTypes; + import lombok.AllArgsConstructor; public class Send extends Activity { @@ -43,34 +45,24 @@ public class Send extends Activity { text.setText(imageUri.toString()); final ContentResolver resolver = getContentResolver(); - final String type = resolver.getType(imageUri); - String extension; - - if ("image/gif".equals(type)) { - extension = ".gif"; - } else if ("image/png".equals(type)) { - extension = ".png"; - } else { - extension = ".jpg"; - } - - final String fileName = imageUri.getLastPathSegment() + extension; final Server testServer = new TestServer(); - try - { - final URI uploaded = executor.submit(() -> testServer.upload(fileName, new ContentByteSource(resolver, imageUri))) - .get(); - text.setText(uploaded.toString()); - shareUploadUrl(uploaded); - } - catch (final InterruptedException | ExecutionException exception) { - final StringWriter buf = new StringWriter(); - final PrintWriter out = new PrintWriter(buf); - out.println("in: " + imageUri + " -> " + fileName); - exception.printStackTrace(out); - text.setText(buf.toString()); - } + executor.submit(() -> { + try + { + final URI uploaded = testServer.upload(createFileNameForUri(imageUri, resolver), new ContentByteSource(resolver, imageUri)); + runOnUiThread(() -> { + text.setText(uploaded.toString()); + shareUploadUrl(uploaded); + }); + } + catch (final Exception exception) { + final StringWriter buf = new StringWriter(); + final PrintWriter out = new PrintWriter(buf); + exception.printStackTrace(out); + runOnUiThread(() -> text.setText(buf.toString())); + } + }); } public void shareUploadUrl (final URI uploadedUrl) { @@ -80,6 +72,21 @@ public class Send extends Activity { startActivity(Intent.createChooser(sharingIntent, "Share uploaded url")); } + public static String createFileNameForUri (final Uri uri, final ContentResolver resolver) { + final String filename = uri.getLastPathSegment(); + if (filename.contains(".")) { + return filename; + } + + final String type = resolver.getType(uri); + final String[] extensions = MimeTypes.findExtensionsByMimeTypes(type, false); + if (extensions.length > 0) { + return filename + "." + extensions[0]; + } + + throw new RuntimeException("Could not construct a file name"); + } + @AllArgsConstructor public static class ContentByteSource extends ByteSource { private final ContentResolver resolver;