Merge pull request #181 from zcash/bugfix/possible-shell-injection

Fix: security finding in issue #121.
2020-07-29 02:25:46 -04:00 · 2020-07-29 02:25:46 -04:00 · f9e085f661
parent 1e08739221 9873e9efbe
commit f9e085f661
1 changed files with 9 additions and 2 deletions
--- a/app/src/main/java/cash/z/ecc/android/ui/profile/ProfileFragment.kt
+++ b/app/src/main/java/cash/z/ecc/android/ui/profile/ProfileFragment.kt
@ -25,6 +25,7 @@ import kotlinx.coroutines.launch
 import okio.Okio
 import java.io.File
 import java.io.IOException
+import java.lang.IllegalArgumentException


 class ProfileFragment : BaseFragment<FragmentProfileBinding>() {
@ -109,8 +110,14 @@ class ProfileFragment : BaseFragment<FragmentProfileBinding>() {

    private fun writeLogcat(): File? {
        try {
-            val outputFile = File("${ZcashWalletApp.instance.filesDir}/logs", "developer_log.txt")
-            val cmd = arrayOf("/bin/sh", "-c", "logcat -v time -d | grep \"@TWIG\" > ${outputFile.absolutePath}")
+            // Note: the /logs directory has been configured as a file provider under @xml/file_paths which allows the temporary sharing of this file
+            val outputFile = File("${ZcashWalletApp.instance.filesDir}/logs", "developer_log.txt").also { it.parentFile.mkdirs() }
+            if (!outputFile.parentFile.isDirectory) {
+                // addresses security finding in issue #121
+                throw IllegalArgumentException("Invalid path: ${outputFile.parentFile}. Verify" +
+                        " that the default files directory is not being manipulated.")
+            }
+            val cmd = arrayOf("/bin/sh", "-c", "logcat -v time -d | grep '@TWIG' > '${outputFile.absolutePath}'")
            Runtime.getRuntime().exec(cmd)
            return outputFile
        } catch (e: IOException) {