Signal/Android
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Android.git synced 2025-12-24 04:58:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Detect URL patterns that will crash OkHttp.

Browse Source 
Addresses #12998.
This commit is contained in:
Nicholas Tinsley
2023-06-13 12:18:34 -04:00
parent 458dae227f
commit 9c0c25ef99
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/src/main/java/org/thoughtcrime/securesms/util/LinkUtil.kt
View File

@@ -13,6 +13,7 @@ object LinkUtil {
private val ALL_ASCII_PATTERN = Pattern.compile("^[\\x00-\\x7F]*$")
private val ALL_NON_ASCII_PATTERN = Pattern.compile("^[^\\x00-\\x7F]*$")
private val ILLEGAL_CHARACTERS_PATTERN = Pattern.compile("[\u202C\u202D\u202E\u2500-\u25FF]")
private val ILLEGAL_PERIODS_PATTERN = Pattern.compile("(\\.{2,}|…)")
private val INVALID_DOMAINS = listOf("example", "example\\.com", "example\\.net", "example\\.org", "i2p", "invalid", "localhost", "onion", "test")
private val INVALID_DOMAINS_REGEX: Regex = Regex("^(.+\\.)?(${INVALID_DOMAINS.joinToString("|")})\\.?\$")
@@ -66,6 +67,10 @@ object LinkUtil {
return LegalCharactersResult(false)
}
if (ILLEGAL_PERIODS_PATTERN.matcher(url).find()) {
return LegalCharactersResult(false)
}
val matcher = DOMAIN_PATTERN.matcher(url)
if (!matcher.matches()) {
return LegalCharactersResult(false)

2
app/src/test/java/org/thoughtcrime/securesms/util/LinkUtilTest_isValidPreviewUrl.kt
View File

@@ -38,6 +38,8 @@ class LinkUtilTest_isValidPreviewUrl(private val input: String, private val outp
arrayOf("кц.рф\u25AA", false),
arrayOf("кц.рф\u25FF", false),
arrayOf("", false),
arrayOf("https://…", false),
arrayOf("https://...", false),
arrayOf("https://cool.example", false),
arrayOf("https://cool.example.com", false),
arrayOf("https://cool.example.net", false),