From 7d95585c4e554a172c0d367bb5574ad87dff439c Mon Sep 17 00:00:00 2001
From: Kevin Gorham
Date: Thu, 2 Jul 2020 18:30:25 -0400
Subject: [PATCH] Fix: security finding in issue #121. Avoids shell injection by verifying that the supplied value is a file. Also allows for spaces in the file path, which probably fixes certaind devices that were crashing when trying to open logs.

---
 .../java/cash/z/ecc/android/ui/profile/ProfileFragment.kt | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/src/main/java/cash/z/ecc/android/ui/profile/ProfileFragment.kt b/app/src/main/java/cash/z/ecc/android/ui/profile/ProfileFragment.kt
index 2d64156..159a52f 100644
--- a/app/src/main/java/cash/z/ecc/android/ui/profile/ProfileFragment.kt
+++ b/app/src/main/java/cash/z/ecc/android/ui/profile/ProfileFragment.kt
@@ -25,6 +25,7 @@ import kotlinx.coroutines.launch
 import okio.Okio
 import java.io.File
 import java.io.IOException
+import java.lang.IllegalArgumentException
 
 class ProfileFragment : BaseFragment() {
 
@@ -110,7 +111,12 @@ class ProfileFragment : BaseFragment() {
     private fun writeLogcat(): File? {
         try {
             val outputFile = File("${ZcashWalletApp.instance.filesDir}/logs", "developer_log.txt")
-            val cmd = arrayOf("/bin/sh", "-c", "logcat -v time -d | grep \"@TWIG\" > ${outputFile.absolutePath}")
+            if (!outputFile.parentFile.isFile) {
+                // addresses security finding in issue #121
+                throw IllegalArgumentException("Invalid path: ${outputFile.absolutePath}. Verify" + " that the default files directory is not being manipulated.")
+            }
+            val cmd = arrayOf("/bin/sh", "-c", "logcat -v time -d | grep \"@TWIG\" > \"${outputFile.absolutePath}\"")
             Runtime.getRuntime().exec(cmd)
             return outputFile
         } catch (e: IOException) {
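Review bot: The guard `if (!outputFile.parentFile.isFile)` tests the `logs` directory with `isFile`, which is false for any directory (and for a missing one), so writeLogcat() now throws IllegalArgumentException on every call, and that exception is not an IOException, so the `catch` whose body continues past the hunk does not handle it. The check also does not address the shell-injection finding it cites: the path still reaches `/bin/sh -c`, and wrapping it in double quotes leaves `$`, backticks, `\` and `"` interpreted by the shell, while the path itself comes from `filesDir` rather than from user input, which is what the comment should say instead of `// addresses security finding in issue #121`. The robust fix is to drop the shell entirely: run `logcat` through `ProcessBuilder` with an argv list, filter for `@TWIG` in Kotlin and write the file yourself, which also lets you `waitFor()` so the caller does not receive a file that logcat is still writing (`Runtime.exec` returns immediately). The `catch (e: IOException)` block of writeLogcat ends outside the hunk.
```kotlin
    private fun writeLogcat(): File? {
        try {
            val outputFile = File("${ZcashWalletApp.instance.filesDir}/logs", "developer_log.txt")
            // filesDir is app-private, so the path is not attacker-supplied; just make sure
            // the logs directory exists and is a directory (isFile is false for directories).
            val logDir = outputFile.parentFile
            require(logDir.isDirectory || logDir.mkdirs()) {
                "Invalid path: ${outputFile.absolutePath}. Verify that the default files directory is not being manipulated."
            }
            // No /bin/sh: argv is passed verbatim, so no part of the path is ever parsed by a shell.
            val process = ProcessBuilder("logcat", "-v", "time", "-d").redirectErrorStream(true).start()
            process.inputStream.bufferedReader().useLines { lines ->
                outputFile.bufferedWriter().use { out ->
                    lines.filter { it.contains("@TWIG") }.forEach { out.write(it); out.newLine() }
                }
            }
            // Block until logcat exits so the returned file is complete when the caller opens it.
            process.waitFor()
            return outputFile
        // … unchanged: catch (e: IOException) block …
```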