Strip visual attachment filenames for local device

Co-authored-by: trevor-signal <131492920+trevor-signal@users.noreply.github.com>

ts/services/LinkPreview.preload.ts

@@ -374,7 +374,6 @@ async function getPreview(
         file: new Blob([fetchedImage.data], {
           type: fetchedImage.contentType,
         }),
-        fileName: title,
         highQuality: true,
       });
 

ts/util/handleImageAttachment.preload.ts

@@ -1,7 +1,6 @@
 // Copyright 2020 Signal Messenger, LLC
 // SPDX-License-Identifier: AGPL-3.0-only
 
-import path from 'node:path';
 import { ipcRenderer } from 'electron';
 import { v4 as genUuid } from 'uuid';
 
@@ -38,15 +37,10 @@ export async function handleImageAttachment(
     processedFile = new Blob([convertedData]);
   }
 
-  const {
-    contentType,
-    file: resizedBlob,
-    fileName,
-  } = await autoScale({
+  const { contentType, file: resizedBlob } = await autoScale({
     contentType: isHeic(file.type, file.name)
       ? IMAGE_JPEG
       : stringToMIMEType(file.type),
-    fileName: file.name,
     file: processedFile,
     // We always store draft attachments as HQ
     highQuality: true,
@@ -60,7 +54,8 @@ export async function handleImageAttachment(
     clientUuid: genUuid(),
     contentType,
     data: new Uint8Array(data),
-    fileName: fileName || file.name,
+    // We strip fileNames from visual attachments
+    fileName: undefined,
     path: file.name,
     pending: false,
     size: data.byteLength,
@@ -70,20 +65,17 @@ export async function handleImageAttachment(
 export async function autoScale({
   contentType,
   file,
-  fileName,
   highQuality,
 }: {
   contentType: MIMEType;
   file: File | Blob;
-  fileName: string;
   highQuality: boolean;
 }): Promise<{
   contentType: MIMEType;
   file: Blob;
-  fileName: string;
 }> {
   if (!canBeTranscoded({ contentType })) {
-    return { contentType, file, fileName };
+    return { contentType, file };
   }
 
   const { blob, contentType: newContentType } = await scaleImageToLevel({
@@ -97,15 +89,11 @@ export async function autoScale({
     return {
       contentType,
       file: blob,
-      fileName,
     };
   }
 
-  const { name } = path.parse(fileName);
-
   return {
     contentType: IMAGE_JPEG,
     file: blob,
-    fileName: `${name}.jpg`,
   };
 }

ts/util/handleVideoAttachment.preload.ts

@@ -59,7 +59,8 @@ export async function handleVideoAttachment(
       contentType: stringToMIMEType(file.type),
       clientUuid: generateUuid(),
       data,
-      fileName: file.name,
+      // We strip fileNames from visual attachments
+      fileName: undefined,
       path: file.name,
       pending: false,
       size: data.byteLength,

ts/util/uploadAttachment.preload.ts

@@ -38,6 +38,7 @@ import {
   isValidPlaintextHash,
 } from '../types/Crypto.std.js';
 import type { ExistingAttachmentUploadData } from '../sql/Interface.std.js';
+import { assertDev } from './assert.std.js';
 
 const CDNS_SUPPORTING_TUS = new Set([3]);
 const MAX_DURATION_TO_REUSE_ATTACHMENT_CDN_POINTER = 3 * DAY;
@@ -93,10 +94,19 @@ export async function uploadAttachment(
 
   const { blurHash, caption, clientUuid, flags, height, width } = attachment;
 
-  // Strip filename only for renderable visual media to prevent metadata leakage
-  const shouldStripFilename =
-    isImageAttachment(attachment) || isVideoAttachment(attachment);
-  const fileName = shouldStripFilename ? undefined : attachment.fileName;
+  let { fileName } = attachment;
+  if (isImageAttachment(attachment) || isVideoAttachment(attachment)) {
+    assertDev(
+      fileName == null,
+      'Filename should be stripped from visual attachments'
+    );
+
+    if (fileName != null) {
+      // We continue to strip the filename here just in case there are old draft
+      // attachments without filenames stripped
+      fileName = undefined;
+    }
+  }
 
   return {
     attachmentIdentifier: {