Add redirect validation for link previews.

Greyson Parrelli
2026-04-08 20:44:39 +00:00
committed by jeffrey-signal
parent 7665ae1464
commit 969635d942
2 changed files with 33 additions and 0 deletions


@@ -38,6 +38,7 @@ import org.thoughtcrime.securesms.linkpreview.LinkPreviewUtil.OpenGraph;
import org.thoughtcrime.securesms.mms.PushMediaConstraints;
import org.thoughtcrime.securesms.net.CallRequestController;
import org.thoughtcrime.securesms.net.CompositeRequestController;
import org.thoughtcrime.securesms.net.LinkPreviewRedirectValidationInterceptor;
import org.thoughtcrime.securesms.net.RequestController;
import org.thoughtcrime.securesms.net.UserAgentInterceptor;
import org.thoughtcrime.securesms.profiles.AvatarHelper;
@@ -93,6 +94,7 @@ public class LinkPreviewRepository {
this.client = new OkHttpClient.Builder()
.cache(null)
.addInterceptor(new UserAgentInterceptor("WhatsApp/2"))
.addNetworkInterceptor(new LinkPreviewRedirectValidationInterceptor())
.build();
}
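Review bot: The `.addNetworkInterceptor(new LinkPreviewRedirectValidationInterceptor())` line should carry a comment saying why it is registered as a network interceptor, because that choice is what makes the redirect check work. The `UserAgentInterceptor` above it is an application interceptor, which runs once per call, whereas a network interceptor runs again for every redirect follow-up. Someone tidying the builder could otherwise move it to `addInterceptor` and silently lose the per-hop validation. Suggested comment: `// Network interceptor: runs for every redirect hop, not just the original request.` The constructor that contains this builder starts outside the hunk.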


@@ -0,0 +1,31 @@
package org.thoughtcrime.securesms.net
import okhttp3.Interceptor
import okhttp3.Response
import org.signal.core.util.logging.Log
import org.signal.core.util.logging.Log.tag
import org.thoughtcrime.securesms.util.LinkUtil.isValidPreviewUrl
import java.io.IOException
/**
* Validates redirects for link preview requests to ensure they all meet the link criteria.
*/
class LinkPreviewRedirectValidationInterceptor : Interceptor {
companion object {
private val TAG = tag(LinkPreviewRedirectValidationInterceptor::class)
}
@Throws(IOException::class)
override fun intercept(chain: Interceptor.Chain): Response {
val url = chain.request().url.toString()
if (!isValidPreviewUrl(url)) {
Log.w(TAG, "Redirect target failed link preview URL validation.")
chain.call().cancel()
throw IOException("Redirect target is not a valid preview URL.")
}
return chain.proceed(chain.request())
}
}
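Review bot: The check in `intercept` runs only after OkHttp has already connected to the redirect target's host, because network interceptors sit behind the connect step. A target that fails `isValidPreviewUrl` therefore still receives a DNS lookup and a TCP/TLS handshake from the client's address, even though no HTTP request is sent to it. To reject a hop before any connection is made, also inspect the `Location` header of a redirect response on the previous hop and fail there, as sketched below. Separately, `chain.call().cancel()` deserves a one-line comment; it presumably stops OkHttp's retry logic from treating the thrown `IOException` as recoverable. The log text says "Redirect target" but this path also runs for the initial request.

```kotlin
override fun intercept(chain: Interceptor.Chain): Response {
    // … unchanged: validation of chain.request().url, cancel + throw on failure …
    val response = chain.proceed(chain.request())
    // Resolve a relative Location against the URL that produced this response.
    val nextHop = response.header("Location")?.let { response.request.url.resolve(it) }
    if (response.isRedirect && nextHop != null && !isValidPreviewUrl(nextHop.toString())) {
        Log.w(TAG, "Redirect target failed link preview URL validation.")
        response.close()
        chain.call().cancel()
        throw IOException("Redirect target is not a valid preview URL.")
    }
    return response
}
```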