Hi Bryan,
On Tue, 2016-02-09 at 01:38 -0500, Bryan Quigley wrote:
> While working on the easyhack[1] to remove export of obsolete formats
It's prolly a good idea to close that easy-hack ;-)
> There also might be a security benefit by not having to
> consider these formats (less import code to harden).
As JanI says, cf. the ESC minutes - being the swiss-army-knife of file
formats that loads ~anything you can throw at it is quite important.
> P.S. Please copy me on replies.
Hopefully the list is configured to do that ;-)
Anyhow - I share your concern wrt. the attack surface that all these
old file filters provide for us; I attach a prototype patch that adds an
'EXOTIC' annotation to our filter descriptions. It is missing a UI
Interaction Handler piece (cf. the hole with the notes and so on in
there ;-) - we'll need a new request type I guess.
My ideal would be to pop up a dialog saying:
"You're asking LibreOffice to open a very unusual file-type.
Unless you are certain that this file is indeed a <Lotus
Word Pro> file it is safest to not open it.
[ ] - never show this again
[ this is an unusual file ] [get me out of here ]"
Of some kind =) is that something you'd be interested in working on ?
All the best,
Michael.
--
michael.meeks@collabora.com <><, Pseudo Engineer, itinerant idiot
From 637f57758b1bb4b951fb48cc49fe5071f9533953 Mon Sep 17 00:00:00 2001
From: Michael Meeks <michael.meeks@collabora.com>
Date: Wed, 25 Feb 2015 15:07:19 +0000
Subject: [PATCH] First cut at annotating 'exotic' filters.
The idea being that we can improve security by warning for these.
Change-Id: I7d993417bfb6a8fe868bc3e07ccbcfe71bf285ff
---
filter/source/config/cache/constant.hxx | 2 ++
filter/source/config/cache/filtercache.cxx | 6 ++++++
filter/source/config/fragments/filters/AbiWord.xcu | 2 +-
filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu | 2 +-
filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu | 2 +-
filter/source/config/fragments/filters/T602Document.xcu | 2 +-
filter/source/config/fragments/filters/XPM.xcu | 2 +-
filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu | 2 +-
include/comphelper/documentconstants.hxx | 2 ++
include/sfx2/docfilt.hxx | 3 +++
10 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/filter/source/config/cache/constant.hxx b/filter/source/config/cache/constant.hxx
index 98327f0..f21ee55 100644
--- a/filter/source/config/cache/constant.hxx
+++ b/filter/source/config/cache/constant.hxx
@@ -124,6 +124,7 @@
#define FLAGNAME_TEMPLATEPATH "TEMPLATEPATH"
#define FLAGNAME_USESOPTIONS "USESOPTIONS"
#define FLAGNAME_COMBINED "COMBINED"
+#define FLAGNAME_EXOTIC "EXOTIC"
/** @short values of filter flags, sorted based on value */
#define FLAGVAL_IMPORT 0x00000001 // 1
@@ -144,6 +145,7 @@
#define FLAGVAL_CONSULTSERVICE 0x00040000 // 262144
#define FLAGVAL_3RDPARTYFILTER 0x00080000 // 524288
#define FLAGVAL_PACKED 0x00100000 // 1048576
+#define FLAGVAL_EXOTIC 0x00200000 // 2097152
#define FLAGVAL_BROWSERPREFERRED 0x00400000 // 4194304
#define FLAGVAL_COMBINED 0x00800000 // 8388608
#define FLAGVAL_ENCRYPTION 0x01000000 // 16777216
diff --git a/filter/source/config/cache/filtercache.cxx b/filter/source/config/cache/filtercache.cxx
index 18115e4..06071bbc 100644
--- a/filter/source/config/cache/filtercache.cxx
+++ b/filter/source/config/cache/filtercache.cxx
@@ -1920,6 +1920,7 @@ css::uno::Sequence< OUString >
FilterCache::impl_convertFlagField2FlagNames(sal_
if ((nFlags & FLAGVAL_CONSULTSERVICE ) == FLAGVAL_CONSULTSERVICE )
lFlagNames.push_back(FLAGNAME_CONSULTSERVICE );
if ((nFlags & FLAGVAL_DEFAULT ) == FLAGVAL_DEFAULT )
lFlagNames.push_back(FLAGNAME_DEFAULT );
if ((nFlags & FLAGVAL_ENCRYPTION ) == FLAGVAL_ENCRYPTION )
lFlagNames.push_back(FLAGNAME_ENCRYPTION );
+ if ((nFlags & FLAGVAL_EXOTIC ) == FLAGVAL_EXOTIC )
lFlagNames.push_back(FLAGNAME_EXOTIC );
if ((nFlags & FLAGVAL_EXPORT ) == FLAGVAL_EXPORT )
lFlagNames.push_back(FLAGNAME_EXPORT );
if ((nFlags & FLAGVAL_IMPORT ) == FLAGVAL_IMPORT )
lFlagNames.push_back(FLAGNAME_IMPORT );
if ((nFlags & FLAGVAL_INTERNAL ) == FLAGVAL_INTERNAL )
lFlagNames.push_back(FLAGNAME_INTERNAL );
@@ -1992,6 +1993,11 @@ sal_Int32 FilterCache::impl_convertFlagNames2FlagField(const
css::uno::Sequence<
nField |= FLAGVAL_EXPORT;
continue;
}
+ if (pNames[i] == FLAGNAME_EXOTIC)
+ {
+ nField |= FLAGVAL_EXOTIC;
+ continue;
+ }
if (pNames[i] == FLAGNAME_IMPORT)
{
nField |= FLAGVAL_IMPORT;
diff --git a/filter/source/config/fragments/filters/AbiWord.xcu
b/filter/source/config/fragments/filters/AbiWord.xcu
index 32e95be..b53ef62 100644
--- a/filter/source/config/fragments/filters/AbiWord.xcu
+++ b/filter/source/config/fragments/filters/AbiWord.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="AbiWord" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop
oor:name="FilterService"><value>com.sun.star.comp.Writer.AbiWordImportFilter</value></prop>
<prop oor:name="UserData"><value>ABW</value></prop>
diff --git a/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
b/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
index 4c33a80..3448430 100644
--- a/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
+++ b/filter/source/config/fragments/filters/StarOffice_XML__Base_.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="StarOffice XML (Base)" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT OWN DEFAULT 3RDPARTYFILTER ENCRYPTION</value></prop>
+ <prop oor:name="Flags"><value>IMPORT OWN DEFAULT 3RDPARTYFILTER ENCRYPTION
EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"/>
<prop oor:name="UserData"/>
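Review bot: the Flags value for "StarOffice XML (Base)" already carries OWN and DEFAULT, so adding EXOTIC here marks a filter that is declared as one of our own formats, and as the default for its document type, as unusual. Either state in the commit message why an OWN DEFAULT filter should trigger the warning, or leave EXOTIC off this entry until the criteria for the annotation are written down.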
diff --git a/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
b/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
index ee3638b..ba7db69 100644
--- a/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
+++ b/filter/source/config/fragments/filters/StarOffice_XML__Writer_.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="StarOffice XML (Writer)" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT TEMPLATE OWN ALIEN PREFERRED ENCRYPTION</value></prop>
+ <prop oor:name="Flags"><value>IMPORT TEMPLATE OWN ALIEN PREFERRED ENCRYPTION
EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"/>
<prop oor:name="UserData"><value>CXML</value></prop>
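Review bot: with EXOTIC added next to OWN and PREFERRED on "StarOffice XML (Writer)", IsOwnFormat() and IsExoticFormat() will both be true for this filter, and the DoLoad check in this patch tests only IsExoticFormat(). Decide which flag wins and document it next to the EXOTIC description in documentconstants.hxx, otherwise files in a format we call our own will prompt the user.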
diff --git a/filter/source/config/fragments/filters/T602Document.xcu
b/filter/source/config/fragments/filters/T602Document.xcu
index 1d3a887..0c5b481 100644
--- a/filter/source/config/fragments/filters/T602Document.xcu
+++ b/filter/source/config/fragments/filters/T602Document.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="T602Document" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER
PREFERRED</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN USESOPTIONS 3RDPARTYFILTER PREFERRED
EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop
oor:name="FilterService"><value>com.sun.star.comp.Writer.T602ImportFilter</value></prop>
<prop oor:name="UserData"><value>602</value></prop>
diff --git a/filter/source/config/fragments/filters/XPM.xcu
b/filter/source/config/fragments/filters/XPM.xcu
index 83c1e32..8a67b71 100644
--- a/filter/source/config/fragments/filters/XPM.xcu
+++ b/filter/source/config/fragments/filters/XPM.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="XPM" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"/>
<prop oor:name="UserData"><value></value></prop>
diff --git a/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
b/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
index 1eba0ff..2b717c8 100644
--- a/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
+++ b/filter/source/config/fragments/filters/writer_MIZI_Hwp_97.xcu
@@ -16,7 +16,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
-->
<node oor:name="writer_MIZI_Hwp_97" oor:op="replace">
- <prop oor:name="Flags"><value>IMPORT ALIEN 3RDPARTYFILTER</value></prop>
+ <prop oor:name="Flags"><value>IMPORT ALIEN 3RDPARTYFILTER EXOTIC</value></prop>
<prop oor:name="UIComponent"/>
<prop oor:name="FilterService"><value>com.sun.comp.hwpimport.HwpImportFilter</value></prop>
<prop oor:name="UserData"><value></value></prop>
diff --git a/include/comphelper/documentconstants.hxx b/include/comphelper/documentconstants.hxx
index 268bf99..c909906 100644
--- a/include/comphelper/documentconstants.hxx
+++ b/include/comphelper/documentconstants.hxx
@@ -98,6 +98,7 @@
// Default - default filter for this document type
// NotInFileDialog - should be self explaining
// NotInChooser - as above
+// Exotic - an unusual/legacy file-format, we don't normally see
// (The 3rdPartyFilter flag is here called StarONE)
@@ -124,6 +125,7 @@
#define SFX_FILTER_STARONEFILTER 0x00080000L
#define SFX_FILTER_PACKED 0x00100000L
+#define SFX_FILTER_EXOTIC 0x00200000L
#define SFX_FILTER_ENCRYPTION 0x01000000L
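Review bot: SFX_FILTER_EXOTIC 0x00200000L repeats the value of FLAGVAL_EXOTIC added in filter/source/config/cache/constant.hxx, and ImportFrom later tests the configuration's Flags integer against SFX_FILTER_EXOTIC, so the two defines must never drift apart. A comment on this define pointing at FLAGVAL_EXOTIC (and one there pointing back) would make that dependency explicit.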
diff --git a/include/sfx2/docfilt.hxx b/include/sfx2/docfilt.hxx
index 34d7130..aacb8c5 100644
--- a/include/sfx2/docfilt.hxx
+++ b/include/sfx2/docfilt.hxx
@@ -80,7 +80,10 @@ public:
bool IsAllowedAsTemplate() const { return (nFormatType & SFX_FILTER_TEMPLATE) != 0; }
bool IsOwnFormat() const { return (nFormatType & SFX_FILTER_OWN) != 0; }
bool IsOwnTemplateFormat() const { return (nFormatType & SFX_FILTER_TEMPLATEPATH) != 0; }
+ /// not our built-in format
bool IsAlienFormat() const { return (nFormatType & SFX_FILTER_ALIEN) != 0; }
+ /// an unusual/legacy file to be loading
+ bool IsExoticFormat() const { return (nFormatType & SFX_FILTER_EXOTIC) != 0; }
bool CanImport() const { return (nFormatType & SFX_FILTER_IMPORT) != 0; }
bool CanExport() const { return (nFormatType & SFX_FILTER_EXPORT) != 0; }
bool IsInternal() const { return (nFormatType & SFX_FILTER_INTERNAL) != 0; }
--
1.8.4.5
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index d08baa9..1f7a7f2 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -689,6 +689,7 @@ public:
SAL_DLLPRIVATE void ImplSign( bool bScriptingContent = false );
SAL_DLLPRIVATE bool QuerySaveSizeExceededModules_Impl( const ::com::sun::star::uno::Reference<
::com::sun::star::task::XInteractionHandler >& xHandler );
+ SAL_DLLPRIVATE bool QueryAllowExoticFormat_Impl( const ::com::sun::star::uno::Reference<
::com::sun::star::task::XInteractionHandler >& xHandler );
SAL_DLLPRIVATE void CheckOut( );
SAL_DLLPRIVATE void CancelCheckOut( );
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 59cb2e8..114e523 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -660,6 +660,10 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
pImp->nLoadedFlags = 0;
pImp->bModelInitialized = false;
+ if ( pFilter && pFilter->IsExoticFormat() &&
+ !QueryAllowExoticFormat_Impl( getInteractionHandler() ) )
+ SetError( ERRCODE_IO_ABORT, OUString( OSL_LOG_PREFIX ) );
+
//TODO/LATER: make a clear strategy how to handle "UsesStorage" etc.
bool bOwnStorageFormat = IsOwnStorageFormat_Impl( *pMedium );
bool bHasStorage = IsPackageStorageFormat_Impl( *pMedium );
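Review bot: in DoLoad the new check calls SetError( ERRCODE_IO_ABORT, ... ) when the user declines but does not return, so control falls through to IsOwnStorageFormat_Impl( *pMedium ) and the rest of the load path. Unless every later step is gated on the error code, return false here (or wrap the remainder in an error check) so that a declined exotic file never reaches its import filter.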
@@ -882,6 +886,7 @@ sal_uInt32 SfxObjectShell::HandleFilter( SfxMedium* pMedium, SfxObjectShell* pDo
SfxItemSet* pSet = pMedium->GetItemSet();
SFX_ITEMSET_ARG( pSet, pOptions, SfxStringItem, SID_FILE_FILTEROPTIONS, false );
SFX_ITEMSET_ARG( pSet, pData, SfxUnoAnyItem, SID_FILTER_DATA, false );
+
if ( !pData && !pOptions )
{
com::sun::star::uno::Reference< XMultiServiceFactory > xServiceManager =
::comphelper::getProcessServiceFactory();
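Review bot: the only change in this HandleFilter hunk is a blank line added before if ( !pData && !pOptions ); drop it so the diff stays limited to the exotic-filter work.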
@@ -2190,6 +2195,7 @@ bool SfxObjectShell::ImportFrom(SfxMedium& rMedium,
rMedium.GetItemSet()->Put( SfxStringItem( SID_FILTER_NAME, aFilterName ) );
}
+ bool bExotic = false;
OUString aFilterImplName;
sal_Int32 nFilterProps = aProps.getLength();
for ( sal_Int32 nFilterProp = 0; nFilterProp<nFilterProps; nFilterProp++ )
@@ -2198,10 +2204,19 @@ bool SfxObjectShell::ImportFrom(SfxMedium& rMedium,
if (rFilterProp.Name == "FilterService")
{
rFilterProp.Value >>= aFilterImplName;
- break;
+ }
+ if (rFilterProp.Name == "Flags")
+ {
+ sal_Int32 nFlags = 0;
+ bExotic = (rFilterProp.Value >>= nFlags) && (nFlags & SFX_FILTER_EXOTIC);
}
}
+ if (bExotic)
+ {
+ fprintf (stderr, "Odd file format !\n");
+ }
+
uno::Reference< document::XFilter > xLoader;
if ( !aFilterImplName.isEmpty() )
{
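Review bot: the if (bExotic) block in ImportFrom only does fprintf (stderr, "Odd file format !\n"), which is debug output and leaves bExotic with no effect on whether the filter is instantiated. Replace it with SAL_WARN or, better, route this path through QueryAllowExoticFormat_Impl as DoLoad does, so both load paths apply the same policy. A short comment that the break was removed on purpose, so the loop also reaches the "Flags" property, would help the next reader.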
@@ -3645,6 +3660,59 @@ bool SfxObjectShell::QuerySaveSizeExceededModules_Impl( const
uno::Reference< ta
return true;
}
+bool SfxObjectShell::QueryAllowExoticFormat_Impl( const uno::Reference< task::XInteractionHandler
& xHandler )
+{
+ if ( xHandler.is() )
+ {
+ // labouriously create interaction request
+forms/source/xforms/submission.cxx- comphelper::OInteractionRequest* pRequest
+forms/source/xforms/submission.cxx- = new comphelper::OInteractionRequest(
+forms/source/xforms/submission.cxx- makeAny( aInvalidDataException ) );
+forms/source/xforms/submission.cxx: Reference<XInteractionRequest> xRequest = pRequest;
+
+
+ // FIXME: iahndl.cxx -> handles interaction requests like this ...
+ uno::Sequence<OUString> aEmpty;
+ ModuleSizeExceeded* pReq = new ModuleSizeExceeded( aEmpty );
+ uno::Reference< task::XInteractionRequest > xReq( pReq );
+ xHandler->handle( xReq );
+ return pReq->isApprove();
+
+ from forms: ... make this less laborious !? ...
+ + re-factor that to be simpler ? ... =) [!] ...
+
+ // labouriously create interaction request
+ comphelper::OInteractionRequest* pRequest
+ = new comphelper::OInteractionRequest(
+ makeAny( aInvalidDataException ) );
+ Reference<XInteractionRequest> xRequest = pRequest;
+
+ comphelper::OInteractionApprove* pContinue
+ = new comphelper::OInteractionApprove();
+ Reference<XInteractionContinuation> xContinue = pContinue;
+ pRequest->addContinuation( xContinue );
+
+ comphelper::OInteractionDisapprove* pCancel
+ = new comphelper::OInteractionDisapprove();
+ Reference<XInteractionContinuation> xCancel = pCancel;
+ pRequest->addContinuation( xCancel );
+
+ // ask the handler...
+ _rxHandler->handle( xRequest );
+ OSL_ENSURE( pContinue->wasSelected() || pCancel->wasSelected(),
+ "handler didn't select" );
+
+ // and continue, if user chose 'continue'
+ if( pContinue->wasSelected() )
+ bValid = true;
+
+
+
+ }
+ // No interaction handler, default is to continue to load
+ return true;
+}
+
uno::Reference< task::XInteractionHandler > SfxObjectShell::getInteractionHandler() const
{
uno::Reference< task::XInteractionHandler > xRet;
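Review bot: QueryAllowExoticFormat_Impl ends with return true when xHandler is not set, so any caller without an interaction handler loads exotic formats with no check at all; for a security prompt that no-handler default needs an explicit decision and a comment explaining it. The body also cannot compile as posted: it contains pasted grep output (the forms/source/xforms/submission.cxx- lines), free text ("from forms: ..."), an early return pReq->isApprove(); that makes everything after it unreachable, and names that are not declared in this function (_rxHandler, bValid, aInvalidDataException). It also reuses ModuleSizeExceeded as the request, which would present the wrong question to the user; this is the place for the new request type mentioned in the cover mail.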