Closed andyholmes closed 2 months ago
I think this is a reasonable fix, but you're the clipboard expert now :upside_down_face:
Sorry to bring this up again. But since #460 was merged, I think we should discuss more about this, cause in the current code, if the `contentType` is unknown, we're loading its content which might lead to RCE in some cases. Do you think some whitelisting like this would be better? And could you please explain why we are loading the content with contentType `/text`? @andyholmes
```js
const allowed = ['/image', '/text'];
if (contentType && allowed.some(type => contentType.startsWith(type))) {
    // Read the cached file's bytes asynchronously
    bytes = await new Promise((resolve, reject) => file.load_contents_async(null, (obj, res) => {
        let [success, contents] = obj.load_contents_finish(res);
        if (success) {
            resolve(contents);
        }
        else {
            reject(
                new Error('Clipboard Indicator: could not read image file from cache')
            );
        }
    }));
}
else {
    // Otherwise keep the literal clipboard contents as bytes
    bytes = new TextEncoder().encode(jsonEntry.contents);
}
```
I can not explain that, sorry. The intention was to retain the same behavior, without relying on the advertised clipboard file being an image or text.
If the content type of the file is unknown, it is loading the literal contents of the clipboard; which is a file path.
Sorry, I didn't review your previous pull request, I only read your explanation. You're right that this line:
Should instead be something like:
if (!contentType?.startsWith('image/') && !contentType?.startsWith('text/')) {
There's a couple ways you can perform the same logical test, but the branch should be followed whenever the content type is neither `text/*` nor `image/*`.
`filePath`) the original problem would not exist

I see, at the end of the day, it's just how we want to deal with a `null` or `undefined` content type, cause tbh, I'm not sure what exactly the case is where it has those values, the docs just use unknown without a clear explanation. But if the content field contains the file path, I think we're fine with both approaches.
Unknown in this context is pretty literal. There are only so many ways you can safely detect the content of a file (i.e. magic numbers).
The clipboard content type may be a filename represented by a variety of mime-types, so double-check it is a supported type before loading the contents.
closes #447 closes #453
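
The content-type check discussed in this thread, as an added example that is not part of the pull request or the extension's code: it puts the allowlist form next to the negated optional-chaining form and shows that both treat `null`, `undefined` and non-image/text types as "do not load the file". The function names, the `planRestore` helper and the sample entries are assumptions constructed for illustration.

```javascript
// Added example; names and sample values are hypothetical.
const LOADABLE_PREFIXES = ['image/', 'text/'];

// Allowlist form: true only for a string under image/* or text/*.
// null, undefined and any other type mean "do not read the file".
function isLoadableType(contentType) {
    return typeof contentType === 'string' &&
        LOADABLE_PREFIXES.some(prefix => contentType.startsWith(prefix));
}

// Negated form from the thread: true when the type is neither text/* nor
// image/*. Optional chaining turns null/undefined into "unsupported".
function isUnsupportedType(contentType) {
    return !contentType?.startsWith('image/') && !contentType?.startsWith('text/');
}

// Decide how a cache entry is restored: read the cached file, or keep the
// literal clipboard contents (for example a file path) as plain bytes.
function planRestore(entry) {
    if (isLoadableType(entry.contentType))
        return { action: 'load-file', path: entry.contents };
    return { action: 'literal', bytes: new TextEncoder().encode(entry.contents) };
}

// Constructed sample entries, not taken from a real clipboard cache.
const SAMPLE_ENTRIES = [
    { contentType: 'image/png', contents: '/cache/1.png' },
    { contentType: 'text/plain', contents: '/cache/2.txt' },
    { contentType: 'application/x-desktop', contents: '/home/user/app.desktop' },
    { contentType: 'imagery/png', contents: '/cache/3.bin' }, // prefix without "/" must not match
    { contentType: null, contents: '/home/user/unknown.bin' },
    { contentType: undefined, contents: '/home/user/other.bin' },
];

// Returns the chosen action per sample and whether both forms agree on it.
function summarize(entries) {
    return entries.map(entry => ({
        contentType: entry.contentType,
        action: planRestore(entry).action,
        formsAgree: isLoadableType(entry.contentType) === !isUnsupportedType(entry.contentType),
    }));
}

console.log(summarize(SAMPLE_ENTRIES));
```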