Signal/Android
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Android.git synced 2026-06-28 18:15:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Restrict S3 downloads to ReleaseChannel.

Browse Source
This commit is contained in:
Greyson Parrelli
2026-06-08 11:54:38 -04:00
committed by Cody Henthorne
parent aaa7a18190
commit 0ebeb5aa92
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/src/main/java/org/thoughtcrime/securesms/contactshare/ContactModelMapper.java
+7 -2
View File
@@ -5,6 +5,7 @@ import androidx.annotation.Nullable;
import org.signal.core.util.logging.Log;
import org.thoughtcrime.securesms.attachments.Attachment;
import org.thoughtcrime.securesms.attachments.Cdn;
import org.thoughtcrime.securesms.attachments.PointerAttachment;
import org.whispersystems.signalservice.api.InvalidMessageStructureException;
import org.whispersystems.signalservice.api.messages.SignalServiceAttachmentPointer;
@@ -119,9 +120,13 @@ public class ContactModelMapper {
try {
SignalServiceAttachmentPointer attachmentPointer = AttachmentPointerUtil.createSignalAttachmentPointer(contact.avatar.avatar);
Attachment attachment = PointerAttachment.forPointer(Optional.of(attachmentPointer.asPointer())).get();
boolean isProfile = Boolean.TRUE.equals(contact.avatar.isProfile);
avatar = new Avatar(null, attachment, isProfile);
if (attachment.cdn == Cdn.S3) {
Log.w(TAG, "Ignoring contact avatar that resolves to the internal release-channel CDN.");
} else {
boolean isProfile = Boolean.TRUE.equals(contact.avatar.isProfile);
avatar = new Avatar(null, attachment, isProfile);
}
} catch (InvalidMessageStructureException e) {
Log.w(TAG, "Unable to create avatar for contact", e);
}
app/src/main/java/org/thoughtcrime/securesms/jobs/AttachmentDownloadJob.kt
+14 -1
View File
@@ -235,7 +235,14 @@ class AttachmentDownloadJob private constructor(
SignalDatabase.attachments.setTransferState(messageId, attachmentId, AttachmentTable.TRANSFER_PROGRESS_STARTED)
when (attachment.cdn) {
Cdn.S3 -> retrieveAttachmentForReleaseChannel(messageId, attachmentId, attachment)
Cdn.S3 -> {
if (!isReleaseChannelMessage(messageId)) {
Log.w(TAG, "Refusing to download an S3 attachment for a message that is not from the release channel.")
markPermanentlyFailed(messageId, attachmentId)
return
}
retrieveAttachmentForReleaseChannel(messageId, attachmentId, attachment)
}
else -> retrieveAttachment(messageId, attachmentId, attachment)
}
@@ -467,6 +474,12 @@ class AttachmentDownloadJob private constructor(
}
}
private fun isReleaseChannelMessage(messageId: Long): Boolean {
val releaseChannelRecipientId = SignalStore.releaseChannel.releaseChannelRecipientId ?: return false
val messageRecord = SignalDatabase.messages.getMessageRecordOrNull(messageId) ?: return false
return messageRecord.fromRecipient.id == releaseChannelRecipientId
}
private fun markFailed(messageId: Long, attachmentId: AttachmentId) {
SignalDatabase.attachments.setTransferProgressFailed(attachmentId, messageId)
}