Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-16 04:39:54 +01:00
Code Issues Projects Releases Wiki Activity

Throw NoSuchMessageException if attachment is invalid.

Browse Source
This commit is contained in:
akwizgran
2021-01-22 14:01:36 +00:00
parent aed5ac5bb4
commit e616fc3da7
4 changed files with 11 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
briar-api/src/main/java/org/briarproject/briar/api/attachment/AttachmentReader.java
View File

@@ -1,15 +1,19 @@
package org.briarproject.briar.api.attachment; package org.briarproject.briar.api.attachment;
import org.briarproject.bramble.api.db.DbException; import org.briarproject.bramble.api.db.DbException;
import org.briarproject.bramble.api.db.NoSuchMessageException;
public interface AttachmentReader { public interface AttachmentReader {
/** /**
* Returns the attachment with the given attachment header. * Returns the attachment with the given attachment header.
* *
* @throws InvalidAttachmentException If the header refers to a message * @throws NoSuchMessageException If the header refers to a message in
* a different group from the one specified in the header, to a message
* that is not an attachment, or to an attachment that does not have the * that is not an attachment, or to an attachment that does not have the
* expected content type * expected content type. This is meant to prevent social engineering
* attacks that use invalid attachment IDs to test whether messages exist
* in the victim's database
*/ */
Attachment getAttachment(AttachmentHeader h) throws DbException; Attachment getAttachment(AttachmentHeader h) throws DbException;

21
briar-api/src/main/java/org/briarproject/briar/api/attachment/InvalidAttachmentException.java
View File

@@ -1,21 +0,0 @@
package org.briarproject.briar.api.attachment;
import org.briarproject.bramble.api.db.DbException;
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
/**
* An exception that is thrown when an {@link AttachmentHeader} is used to
* load an {@link Attachment}, and the header refers to a message that is not
* an attachment, or to an attachment that does not have the expected content
* type.
*/
@NotNullByDefault
public class InvalidAttachmentException extends DbException {
public InvalidAttachmentException() {
super();
}
public InvalidAttachmentException(Throwable t) {
super(t);
}
}

5
briar-core/src/main/java/org/briarproject/briar/attachment/AttachmentReaderImpl.java
View File

@@ -10,7 +10,6 @@ import org.briarproject.bramble.api.sync.MessageId;
import org.briarproject.briar.api.attachment.Attachment; import org.briarproject.briar.api.attachment.Attachment;
import org.briarproject.briar.api.attachment.AttachmentHeader; import org.briarproject.briar.api.attachment.AttachmentHeader;
import org.briarproject.briar.api.attachment.AttachmentReader; import org.briarproject.briar.api.attachment.AttachmentReader;
import org.briarproject.briar.api.attachment.InvalidAttachmentException;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.InputStream; import java.io.InputStream;
@@ -44,13 +43,13 @@ public class AttachmentReaderImpl implements AttachmentReader {
BdfDictionary meta = clientHelper.getMessageMetadataAsDictionary(m); BdfDictionary meta = clientHelper.getMessageMetadataAsDictionary(m);
String contentType = meta.getString(MSG_KEY_CONTENT_TYPE); String contentType = meta.getString(MSG_KEY_CONTENT_TYPE);
if (!contentType.equals(h.getContentType())) if (!contentType.equals(h.getContentType()))
throw new InvalidAttachmentException(); throw new NoSuchMessageException();
int offset = meta.getLong(MSG_KEY_DESCRIPTOR_LENGTH).intValue(); int offset = meta.getLong(MSG_KEY_DESCRIPTOR_LENGTH).intValue();
InputStream stream = new ByteArrayInputStream(body, offset, InputStream stream = new ByteArrayInputStream(body, offset,
body.length - offset); body.length - offset);
return new Attachment(h, stream); return new Attachment(h, stream);
} catch (FormatException e) { } catch (FormatException e) {
throw new InvalidAttachmentException(e); throw new NoSuchMessageException();
} }
} }

7
briar-core/src/test/java/org/briarproject/briar/attachment/AttachmentReaderImplTest.java
View File

@@ -9,7 +9,6 @@ import org.briarproject.bramble.api.sync.Message;
import org.briarproject.bramble.test.BrambleMockTestCase; import org.briarproject.bramble.test.BrambleMockTestCase;
import org.briarproject.briar.api.attachment.Attachment; import org.briarproject.briar.api.attachment.Attachment;
import org.briarproject.briar.api.attachment.AttachmentHeader; import org.briarproject.briar.api.attachment.AttachmentHeader;
import org.briarproject.briar.api.attachment.InvalidAttachmentException;
import org.jmock.Expectations; import org.jmock.Expectations;
import org.junit.Test; import org.junit.Test;
@@ -51,14 +50,14 @@ public class AttachmentReaderImplTest extends BrambleMockTestCase {
attachmentReader.getAttachment(wrongGroup); attachmentReader.getAttachment(wrongGroup);
} }
@Test(expected = InvalidAttachmentException.class) @Test(expected = NoSuchMessageException.class)
public void testMissingContentType() throws Exception { public void testMissingContentType() throws Exception {
BdfDictionary meta = new BdfDictionary(); BdfDictionary meta = new BdfDictionary();
testInvalidMetadata(meta); testInvalidMetadata(meta);
} }
@Test(expected = InvalidAttachmentException.class) @Test(expected = NoSuchMessageException.class)
public void testWrongContentType() throws Exception { public void testWrongContentType() throws Exception {
BdfDictionary meta = BdfDictionary.of( BdfDictionary meta = BdfDictionary.of(
new BdfEntry(MSG_KEY_CONTENT_TYPE, "image/png")); new BdfEntry(MSG_KEY_CONTENT_TYPE, "image/png"));
@@ -66,7 +65,7 @@ public class AttachmentReaderImplTest extends BrambleMockTestCase {
testInvalidMetadata(meta); testInvalidMetadata(meta);
} }
@Test(expected = InvalidAttachmentException.class) @Test(expected = NoSuchMessageException.class)
public void testMissingDescriptorLength() throws Exception { public void testMissingDescriptorLength() throws Exception {
BdfDictionary meta = BdfDictionary.of( BdfDictionary meta = BdfDictionary.of(
new BdfEntry(MSG_KEY_CONTENT_TYPE, contentType)); new BdfEntry(MSG_KEY_CONTENT_TYPE, contentType));