search

firebase / flutterfire

🔥 A collection of Firebase plugins for Flutter apps.
https://firebase.google.com/docs/flutter/setup
BSD 3-Clause "New" or "Revised" License
8.72k stars 3.97k forks source link

[storage]: Storage ref with query params causes app crash #15799

Open davestimpert opened 4 days ago

davestimpert commented 4 days ago

Is there an existing issue for this?

Which plugins are affected?

Storage

Which platforms are affected?

macOS, Web

Description

I'm trying to get a storage ref from a pre-signed storage URL (where therefore has query params on it for the authentication). If I pass this into FirebaseStorage refFromUrl the app hangs and eventually crashes. Confirmed on both web and MacOS. I'm assuming all platforms are affected.

Here's the code where it is happening. The app hangs on the firstMatch

    // google cloud storage url
  } else {
    RegExp cloudStorageRegExp = RegExp(
      '^https?://$_cloudStorageHost$_optionalPort/$_bucketDomain/$_cloudStoragePath',
      caseSensitive: false,
    );

    RegExpMatch? match = cloudStorageRegExp.firstMatch(decodedUrl);

I tested the regex used in regex101

^https?:\/\/(?:storage.googleapis.com|storage.cloud.google.com)(?::\d+)?\/([A-Za-z0-9.\-_]+)\/([^?#]*)*$

And confirmed that if I put querystring params on the url, e.g. https://storage.googleapis.com/myapp.appspot.com/users/john/chat/image.jpg?foo=bar Then there's an error: Catastrophic backtracking has been detected and the execution of your expression has been halted. To find out more and what this is, please read the following article: Runaway Regular Expressions

Reproducing the issue

Call FirebaseStorage.instance.refFromUrl('https://storage.googleapis.com/myapp.appspot.com/users/john/chat/image.jpg?foo=bar')

Firebase Core version

3.3.0

Flutter Version

3.24.4

Relevant Log Output

No response

Flutter dependencies

Expand Flutter dependencies snippet
```yaml Replace this line with the contents of your `flutter pub deps -- --style=compact`. ```

Additional context and comments

No response

davestimpert commented 3 days ago

@paulb777 is this fixed and just not released yet? Not sure why it was closed.

paulb777 commented 3 days ago

Sorry, my mistake. It looks like this issue was in the middle of several spam issues that I bulk closed.

SelaseKay commented 1 day ago

Hi @davestimpert , thanks for the report. I'm able to reproduce this issue.

Reproducible Steps

Reproducible code ```dart UploadTask uploadString() { const String putStringText = 'This upload has been generated using the putString method! Check the metadata too!'; FirebaseStorage.instance.refFromURL('https://storage.cloud.google.com/test-lab-n0yzpjc8fd2wa-ymsv2wu157its/2024-10-31_11-30-37.513184_MMGp/matrix_0/Nexus6P-26-en-portrait-shard_0-rerun_1/test_cases/0000_logcat?foo=bar'); // Create a Reference to the file Reference ref = FirebaseStorage.instance .ref() .child('flutter-tests') .child('/put-string-example.txt'); // Start upload of putString return ref.putString( putStringText, metadata: SettableMetadata( contentLanguage: 'en', customMetadata: {'example': 'putString'}, ), ); } ```
  1. Run the firebase_storage example app with the updated uploadString function above.
  2. Observe that the app freezes.