Hi Bryan,
On Tue, 2016-02-09 at 01:38 -0500, Bryan Quigley wrote:
> While working on the easyhack[1] to remove export of obsolete formats
Its prolly a good idea to close that easy-hack ;-)
> There also might be a security benefit by not having to
> consider these formats (less import code to harden).
As JanI says, cf. the ESC minutes - being the swiss-army-knife of file
formats that loads ~anything you can throw at it is quite important.
> P.S. Please copy me on replies.
Hopefully the list is configured to do that ;-)
Anyhow - I share your concern wrt. the attack surface that all these
old file filters provide for us; I attach a prototype patch that adds an
'EXOTIC' annotation to our filter descriptions. It is missing a UI
Interaction Handler piece (cf. the hole with the notes and so on in
there ;-) - we'll need a new request type I guess.
My ideal would be to pop up a dialog saying:
"You're asking LibreOffice to open a very unusual file-type.
Unless you are certain that this file is indeed a <Lotus
Word Pro> file it is safest to not open it.
[ ] - never show this again
[ this is an unusual file ] [get me out of here ]"
Of some kind =) is that something you'd be interested in working on ?
All the best,
Michael.
--
[email protected] <><, Pseudo Engineer, itinerant idiot
From 637f57758b1bb4b951fb48cc49fe5071f9533953 Mon Sep 17 00:00:00 2001
From: Michael Meeks <[email protected]>
Date: Wed, 25 Feb 2015 15:07:19 +0000
Subject: [PATCH] First cut at annotating 'exotic' filters.
The idea being that we can improve security by warning for these.
Change-Id: I7d993417bfb6a8fe868bc3e07ccbcfe71bf285ff
---
filter/source/config/cache/constant.hxx | 2 ++
filter/source/config/cache/filtercache.cxx | 6 ++++++
filter/source/config/fragments/filters/AbiWord.xcu | 2 +-
filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu | 2 +-
filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu | 2 +-
filter/source/config/fragments/filters/T602Document.xcu | 2 +-
filter/source/config/fragments/filters/XPM.xcu | 2 +-
filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu | 2 +-
include/comphelper/documentconstants.hxx | 2 ++
include/sfx2/docfilt.hxx | 3 +++
10 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/filter/source/config/cache/constant.hxx b/filter/source/config/cache/constant.hxx
index 98327f0..f21ee55 100644
--- a/filter/source/config/cache/constant.hxx
+++ b/filter/source/config/cache/constant.hxx
@@ -124,6 +124,7 @@
#define FLAGNAME_TEMPLATEPATH "TEMPLATEPATH"
#define FLAGNAME_USESOPTIONS "USESOPTIONS"
#define FLAGNAME_COMBINED "COMBINED"
+#define FLAGNAME_EXOTIC "EXOTIC"
/** @short values of filter flags, sorted based on value */
#define FLAGVAL_IMPORT 0x00000001 // 1
@@ -144,6 +145,7 @@
#define FLAGVAL_CONSULTSERVICE 0x00040000 // 262144
#define FLAGVAL_3RDPARTYFILTER 0x00080000 // 524288
#define FLAGVAL_PACKED 0x00100000 // 1048576
+#define FLAGVAL_EXOTIC 0x00200000 // 2097152
#define FLAGVAL_BROWSERPREFERRED 0x00400000 // 4194304
#define FLAGVAL_COMBINED 0x00800000 // 8388608
#define FLAGVAL_ENCRYPTION 0x01000000 // 16777216
diff --git a/filter/source/config/cache/filtercache.cxx b/filter/source/config/cache/filtercache.cxx
index 18115e4..06071bbc 100644
--- a/filter/source/config/cache/filtercache.cxx
+++ b/filter/source/config/cache/filtercache.cxx
@@ -1920,6 +1920,7 @@ css::uno::Sequence< OUString > FilterCache::impl_convertFlagField2FlagNames(sal_
if ((nFlags & FLAGVAL_CONSULTSERVICE ) == FLAGVAL_CONSULTSERVICE ) lFlagNames.push_back(FLAGNAME_CONSULTSERVICE );
if ((nFlags & FLAGVAL_DEFAULT ) == FLAGVAL_DEFAULT ) lFlagNames.push_back(FLAGNAME_DEFAULT );
if ((nFlags & FLAGVAL_ENCRYPTION ) == FLAGVAL_ENCRYPTION ) lFlagNames.push_back(FLAGNAME_ENCRYPTION );
+ if ((nFlags & FLAGVAL_EXOTIC ) == FLAGVAL_EXOTIC ) lFlagNames.push_back(FLAGNAME_EXOTIC );
if ((nFlags & FLAGVAL_EXPORT ) == FLAGVAL_EXPORT ) lFlagNames.push_back(FLAGNAME_EXPORT );
if ((nFlags & FLAGVAL_IMPORT ) == FLAGVAL_IMPORT ) lFlagNames.push_back(FLAGNAME_IMPORT );
if ((nFlags & FLAGVAL_INTERNAL ) == FLAGVAL_INTERNAL ) lFlagNames.push_back(FLAGNAME_INTERNAL );
@@ -1992,6 +1993,11 @@ sal_Int32 FilterCache::impl_convertFlagNames2FlagField(const css::uno::Sequence<
nField |= FLAGVAL_EXPORT;
continue;
}
+ if (pNames[i] == FLAGNAME_EXOTIC)
+ {
+ nField |= FLAGVAL_EXOTIC;
+ continue;
+ }
if (pNames[i] == FLAGNAME_IMPORT)
{
nField |= FLAGVAL_IMPORT;
diff --git a/filter/source/config/fragments/filters/AbiWord.xcu b/filter/source/config/fragments/filters/AbiWord.xcu
index 32e95be..b53ef62 100644
--- a/filter/source/config/fragments/filters/AbiWord.xcu
+++ b/filter/source/config/fragments/filters/AbiWord.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="AbiWord" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"><value>com.sun.star.comp.Writer.AbiWordImportFilter</value></prop>
<prop oor:name="UserData"><value>ABW</value></prop>
diff --git a/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu b/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
index 4c33a80..3448430 100644
--- a/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
+++ b/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="StarOffice XML (Base)" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT OWN DEFAULT 3RDPARTYFILTER ENCRYPTION</value></prop>
+ <prop oor:name="Flags"><value>IMPORT OWN DEFAULT 3RDPARTYFILTER ENCRYPTION EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"/>
<prop oor:name="UserData"/>
diff --git a/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu b/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
index ee3638b..ba7db69 100644
--- a/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
+++ b/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="StarOffice XML (Writer)" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT TEMPLATE OWN ALIEN PREFERRED ENCRYPTION</value></prop>
+ <prop oor:name="Flags"><value>IMPORT TEMPLATE OWN ALIEN PREFERRED ENCRYPTION EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"/>
<prop oor:name="UserData"><value>CXML</value></prop>
diff --git a/filter/source/config/fragments/filters/T602Document.xcu b/filter/source/config/fragments/filters/T602Document.xcu
index 1d3a887..0c5b481 100644
--- a/filter/source/config/fragments/filters/T602Document.xcu
+++ b/filter/source/config/fragments/filters/T602Document.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="T602Document" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER PREFERRED</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER PREFERRED EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"><value>com.sun.star.comp.Writer.T602ImportFilter</value></prop>
<prop oor:name="UserData"><value>602</value></prop>
diff --git a/filter/source/config/fragments/filters/XPM.xcu b/filter/source/config/fragments/filters/XPM.xcu
index 83c1e32..8a67b71 100644
--- a/filter/source/config/fragments/filters/XPM.xcu
+++ b/filter/source/config/fragments/filters/XPM.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="XPM" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"/>
<prop oor:name="UserData"><value></value></prop>
diff --git a/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu b/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
index 1eba0ff..2b717c8 100644
--- a/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
+++ b/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="writer_MIZI_Hwp_97" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN 3RDPARTYFILTER</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN 3RDPARTYFILTER EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"><value>com.sun.comp.hwpimport.HwpImportFilter</value></prop>
<prop oor:name="UserData"><value></value></prop>
diff --git a/include/comphelper/documentconstants.hxx b/include/comphelper/documentconstants.hxx
index 268bf99..c909906 100644
--- a/include/comphelper/documentconstants.hxx
+++ b/include/comphelper/documentconstants.hxx
@@ -98,6 +98,7 @@
// Default - default filter for this document type
// NotInFileDialog - should be self explaining
// NotInChooser - as above
+// Exotic - an unusual/legacy file-format, we don't normally see
// (The 3rdPartyFilter flag is here called StarONE)
@@ -124,6 +125,7 @@
#define SFX_FILTER_STARONEFILTER 0x00080000L
#define SFX_FILTER_PACKED 0x00100000L
+#define SFX_FILTER_EXOTIC 0x00200000L
#define SFX_FILTER_ENCRYPTION 0x01000000L
diff --git a/include/sfx2/docfilt.hxx b/include/sfx2/docfilt.hxx
index 34d7130..aacb8c5 100644
--- a/include/sfx2/docfilt.hxx
+++ b/include/sfx2/docfilt.hxx
@@ -80,7 +80,10 @@ public:
bool IsAllowedAsTemplate() const { return (nFormatType & SFX_FILTER_TEMPLATE) != 0; }
bool IsOwnFormat() const { return (nFormatType & SFX_FILTER_OWN) != 0; }
bool IsOwnTemplateFormat() const { return (nFormatType & SFX_FILTER_TEMPLATEPATH) != 0; }
+ /// not our built-in format
bool IsAlienFormat() const { return (nFormatType & SFX_FILTER_ALIEN) != 0; }
+ /// an unusual/legacy file to be loading
+ bool IsExoticFormat() const { return (nFormatType & SFX_FILTER_EXOTIC) != 0; }
bool CanImport() const { return (nFormatType & SFX_FILTER_IMPORT) != 0; }
bool CanExport() const { return (nFormatType & SFX_FILTER_EXPORT) != 0; }
bool IsInternal() const { return (nFormatType & SFX_FILTER_INTERNAL) != 0; }
--
1.8.4.5
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index d08baa9..1f7a7f2 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -689,6 +689,7 @@ public:
SAL_DLLPRIVATE void ImplSign( bool bScriptingContent = false );
SAL_DLLPRIVATE bool QuerySaveSizeExceededModules_Impl( const ::com::sun::star::uno::Reference< ::com::sun::star::task::XInteractionHandler >& xHandler );
+ SAL_DLLPRIVATE bool QueryAllowExoticFormat_Impl( const ::com::sun::star::uno::Reference< ::com::sun::star::task::XInteractionHandler >& xHandler );
SAL_DLLPRIVATE void CheckOut( );
SAL_DLLPRIVATE void CancelCheckOut( );
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 59cb2e8..114e523 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -660,6 +660,10 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
pImp->nLoadedFlags = 0;
pImp->bModelInitialized = false;
+ if ( pFilter && pFilter->IsExoticFormat() &&
+ !QueryAllowExoticFormat_Impl( getInteractionHandler() ) )
+ SetError( ERRCODE_IO_ABORT, OUString( OSL_LOG_PREFIX ) );
+
//TODO/LATER: make a clear strategy how to handle "UsesStorage" etc.
bool bOwnStorageFormat = IsOwnStorageFormat_Impl( *pMedium );
bool bHasStorage = IsPackageStorageFormat_Impl( *pMedium );
@@ -882,6 +886,7 @@ sal_uInt32 SfxObjectShell::HandleFilter( SfxMedium* pMedium, SfxObjectShell* pDo
SfxItemSet* pSet = pMedium->GetItemSet();
SFX_ITEMSET_ARG( pSet, pOptions, SfxStringItem, SID_FILE_FILTEROPTIONS, false );
SFX_ITEMSET_ARG( pSet, pData, SfxUnoAnyItem, SID_FILTER_DATA, false );
+
if ( !pData && !pOptions )
{
com::sun::star::uno::Reference< XMultiServiceFactory > xServiceManager = ::comphelper::getProcessServiceFactory();
@@ -2190,6 +2195,7 @@ bool SfxObjectShell::ImportFrom(SfxMedium& rMedium,
rMedium.GetItemSet()->Put( SfxStringItem( SID_FILTER_NAME, aFilterName ) );
}
+ bool bExotic = false;
OUString aFilterImplName;
sal_Int32 nFilterProps = aProps.getLength();
for ( sal_Int32 nFilterProp = 0; nFilterProp<nFilterProps; nFilterProp++ )
@@ -2198,10 +2204,19 @@ bool SfxObjectShell::ImportFrom(SfxMedium& rMedium,
if (rFilterProp.Name == "FilterService")
{
rFilterProp.Value >>= aFilterImplName;
- break;
+ }
+ if (rFilterProp.Name == "Flags")
+ {
+ sal_Int32 nFlags = 0;
+ bExotic = (rFilterProp.Value >>= nFlags) && (nFlags & SFX_FILTER_EXOTIC);
}
}
+ if (bExotic)
+ {
+ fprintf (stderr, "Odd file format !\n");
+ }
+
uno::Reference< document::XFilter > xLoader;
if ( !aFilterImplName.isEmpty() )
{
@@ -3645,6 +3660,59 @@ bool SfxObjectShell::QuerySaveSizeExceededModules_Impl( const uno::Reference< ta
return true;
}
+bool SfxObjectShell::QueryAllowExoticFormat_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
+{
+ if ( xHandler.is() )
+ {
+ // labouriously create interaction request
+forms/source/xforms/submission.cxx- comphelper::OInteractionRequest* pRequest
+forms/source/xforms/submission.cxx- = new comphelper::OInteractionRequest(
+forms/source/xforms/submission.cxx- makeAny( aInvalidDataException ) );
+forms/source/xforms/submission.cxx: Reference<XInteractionRequest> xRequest = pRequest;
+
+
+ // FIXME: iahndl.cxx -> handles interaction requests like this ...
+ uno::Sequence<OUString> aEmpty;
+ ModuleSizeExceeded* pReq = new ModuleSizeExceeded( aEmpty );
+ uno::Reference< task::XInteractionRequest > xReq( pReq );
+ xHandler->handle( xReq );
+ return pReq->isApprove();
+
+ from forms: ... make this less laborious !? ...
+ + re-factor that to be simpler ? ... =) [!] ...
+
+ // labouriously create interaction request
+ comphelper::OInteractionRequest* pRequest
+ = new comphelper::OInteractionRequest(
+ makeAny( aInvalidDataException ) );
+ Reference<XInteractionRequest> xRequest = pRequest;
+
+ comphelper::OInteractionApprove* pContinue
+ = new comphelper::OInteractionApprove();
+ Reference<XInteractionContinuation> xContinue = pContinue;
+ pRequest->addContinuation( xContinue );
+
+ comphelper::OInteractionDisapprove* pCancel
+ = new comphelper::OInteractionDisapprove();
+ Reference<XInteractionContinuation> xCancel = pCancel;
+ pRequest->addContinuation( xCancel );
+
+ // ask the handler...
+ _rxHandler->handle( xRequest );
+ OSL_ENSURE( pContinue->wasSelected() || pCancel->wasSelected(),
+ "handler didn't select" );
+
+ // and continue, if user chose 'continue'
+ if( pContinue->wasSelected() )
+ bValid = true;
+
+
+
+ }
+ // No interaction handler, default is to continue to load
+ return true;
+}
+
uno::Reference< task::XInteractionHandler > SfxObjectShell::getInteractionHandler() const
{
uno::Reference< task::XInteractionHandler > xRet;
_______________________________________________
LibreOffice mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice
