self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-06-18 23:07:45 +02:00
Code Issues Releases Activity

Desktop, Cli: Security: Fixed a path traversal vulnerability in clipper server API that could allow an attacker to read or write an arbitrary file (CVE-2020-15844)

Browse Source
This commit is contained in:
Laurent Cozic
2020-07-24 00:45:15 +00:00
parent 4be02bc33c
commit d209d5036b
3 changed files with 26 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ReactNativeClient/lib/shim-init-node.js
View File

@ -145,6 +145,7 @@ function shimInit() {
shim.createResourceFromPath = async function(filePath, defaultProps = null, options = null) {
options = Object.assign({
resizeLargeImages: 'always', // 'always', 'ask' or 'never'
userSideValidation: false,
}, options);
const readChunk = require('read-chunk');
@ -159,7 +160,7 @@ function shimInit() {
const resourceId = defaultProps.id ? defaultProps.id : uuid.create();
let resource = Resource.new();
const resource = Resource.new();
resource.id = resourceId;
resource.mime = mimeUtils.fromFilename(filePath);
resource.title = basename(filePath);
@ -186,15 +187,13 @@ function shimInit() {
const ok = await handleResizeImage_(filePath, targetPath, resource.mime, options.resizeLargeImages);
if (!ok) return null;
} else {
// const stat = await shim.fsDriver().stat(filePath);
// if (stat.size >= 10000000) throw new Error('Resources larger than 10 MB are not currently supported as they may crash the mobile applications. The issue is being investigated and will be fixed at a later time.');
await fs.copy(filePath, targetPath, { overwrite: true });
}
if (defaultProps) {
resource = Object.assign({}, resource, defaultProps);
}
// While a whole object can be passed as defaultProps, we only just
// support the title and ID (used above). Any other prop should be
// derived from the provided file.
if ('title' in defaultProps) resource.title = defaultProps.title;
const itDoes = await shim.fsDriver().waitTillExists(targetPath);
if (!itDoes) throw new Error(`Resource file was not created: ${targetPath}`);
@ -202,7 +201,9 @@ function shimInit() {
const fileStat = await shim.fsDriver().stat(targetPath);
resource.size = fileStat.size;
return Resource.save(resource, { isNew: true });
const saveOptions = { isNew: true };
if (options.userSideValidation) saveOptions.userSideValidation = true;
return Resource.save(resource, saveOptions);
};
shim.attachFileToNoteBody = async function(noteBody, filePath, position = null, options = null) {