[Libreoffice-commits] core.git: include/sfx2 include/unotools sfx2/source unotools/source

Stephan Bergmann sbergman at redhat.com
Fri Nov 8 17:35:10 CET 2013


 include/sfx2/app.hxx                       |    2 
 include/unotools/securityoptions.hxx       |   21 +-----
 sfx2/source/appl/appcfg.cxx                |    6 -
 sfx2/source/appl/appopen.cxx               |   27 ++------
 unotools/source/config/securityoptions.cxx |   89 ++++++++++-------------------
 5 files changed, 46 insertions(+), 99 deletions(-)

New commits:
commit ea1a7ba72e1bd50a12faff1f8180a5a44745715d
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Fri Nov 8 17:25:45 2013 +0100

    Clean up IsSecureURL
    
    ...to not use WildCard (in case a trusted location URI already contains an
    unescaped "*"), be specific about matching only past a final "/", and rename to
    isSecureMacroUri for clarification.
    
    The check with an INET_PROT_NOT_VALID default INetURLObject in
    SfxApplication::OpenDocExec_Impl ("we have to check the referer before
    executing") had efficiently been dead since its inception in
    14237ac4bf497decdde8b742acea23780833ba12 "#90880#: security checks corrected,"
    as INET_PROT_NOT_VALID is considered secure regardless of referer anyway.
    
    Change-Id: I03bca5e6dac89bb2aac52909aff273ea640228d8

diff --git a/include/sfx2/app.hxx b/include/sfx2/app.hxx
index d28a373..ebb280a 100644
--- a/include/sfx2/app.hxx
+++ b/include/sfx2/app.hxx
@@ -79,7 +79,6 @@ class SfxModule;
 class SfxModule;
 typedef ::std::vector<SfxModule*> SfxModuleArr_Impl;
 class Window;
-class INetURLObject;
 struct SfxChildWinFactory;
 struct SfxMenuCtrlFactory;
 struct SfxStbCtrlFactory;
@@ -203,7 +202,6 @@ public:
     virtual void                Invalidate(sal_uInt16 nId = 0);
     void                        NotifyEvent(const SfxEventHint& rEvent, bool bSynchron = true );
     sal_Bool                        IsDowning() const;
-    sal_Bool                        IsSecureURL( const INetURLObject &rURL, const OUString *pReferer ) const;
     void                        ResetLastDir();
 
     SAL_DLLPRIVATE static SfxApplication* Get() { return pApp;}
diff --git a/include/unotools/securityoptions.hxx b/include/unotools/securityoptions.hxx
index eb64647..fc6c49c 100644
--- a/include/unotools/securityoptions.hxx
+++ b/include/unotools/securityoptions.hxx
@@ -181,21 +181,12 @@ class UNOTOOLS_DLLPUBLIC SAL_WARN_UNUSED SvtSecurityOptions : public utl::detail
 
         sal_Bool            IsMacroDisabled             (                   ) const ;
 
-        /*-****************************************************************************************************//**
-            @short      special method to check an URL and his referer corresponding to ouer internal security cessation
-            @descr      Give us an URL and his referer and we will say you if these url can be scripted or not!
-
-            @seealso    -
-
-            @param      "sURL" reference to URL for checking
-            @param      "sReferer" reference to referer which wish to run script by given URL
-            @return     sal_True if URL is secure or security is obsolete(!) or sal_False otherwise.
-
-            @onerror    No error should occur!
-        *//*-*****************************************************************************************************/
-
-        sal_Bool IsSecureURL(   const   OUString&    sURL        ,
-                                const   OUString&    sReferer    ) const ;
+        /**
+           Check whether the given uri is either no dangerous macro-execution
+           URI at all or else the given referer is a trusted source.
+        */
+        bool isSecureMacroUri(OUString const & uri, OUString const & referer)
+            const;
 
         ::com::sun::star::uno::Sequence< Certificate >  GetTrustedAuthors       (                                                                   ) const ;
         void                                            SetTrustedAuthors       ( const ::com::sun::star::uno::Sequence< Certificate >& rAuthors    )       ;
diff --git a/sfx2/source/appl/appcfg.cxx b/sfx2/source/appl/appcfg.cxx
index be93509..1847648 100644
--- a/sfx2/source/appl/appcfg.cxx
+++ b/sfx2/source/appl/appcfg.cxx
@@ -494,12 +494,6 @@ sal_Bool SfxApplication::GetOptions( SfxItemSet& rSet )
     return bRet;
 }
 
-//--------------------------------------------------------------------
-sal_Bool SfxApplication::IsSecureURL( const INetURLObject& rURL, const OUString* pReferer ) const
-{
-    return SvtSecurityOptions().IsSecureURL( rURL.GetMainURL( INetURLObject::NO_DECODE ), *pReferer );
-}
-//--------------------------------------------------------------------
 // TODO/CLEANUP: Why two SetOptions Methods?
 void SfxApplication::SetOptions_Impl( const SfxItemSet& rSet )
 {
diff --git a/sfx2/source/appl/appopen.cxx b/sfx2/source/appl/appopen.cxx
index 1112573..e376929 100644
--- a/sfx2/source/appl/appopen.cxx
+++ b/sfx2/source/appl/appopen.cxx
@@ -931,28 +931,17 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq )
                     if ( !bFound )
                     {
                         sal_Bool bLoadInternal = sal_False;
-
-                        // security reservation: => we have to check the referer before executing
-                        if (SFX_APP()->IsSecureURL(INetURLObject(), &aReferer))
+                        try
                         {
-                            try
-                            {
-                                sfx2::openUriExternally(
-                                    aURL.Complete, pFilter == 0);
-                            }
-                            catch ( ::com::sun::star::system::SystemShellExecuteException& )
-                            {
-                                rReq.RemoveItem( SID_TARGETNAME );
-                                rReq.AppendItem( SfxStringItem( SID_TARGETNAME, OUString("_default") ) );
-                                bLoadInternal = sal_True;
-                            }
+                            sfx2::openUriExternally(
+                                aURL.Complete, pFilter == 0);
                         }
-                        else
+                        catch ( ::com::sun::star::system::SystemShellExecuteException& )
                         {
-                            SfxErrorContext aCtx( ERRCTX_SFX_OPENDOC, aURL.Complete );
-                            ErrorHandler::HandleError( ERRCODE_IO_ACCESSDENIED );
+                            rReq.RemoveItem( SID_TARGETNAME );
+                            rReq.AppendItem( SfxStringItem( SID_TARGETNAME, OUString("_default") ) );
+                            bLoadInternal = sal_True;
                         }
-
                         if ( !bLoadInternal )
                             return;
                     }
@@ -967,7 +956,7 @@ void SfxApplication::OpenDocExec_Impl( SfxRequest& rReq )
         }
     }
 
-    if ( !SFX_APP()->IsSecureURL( INetURLObject(aFileName), &aReferer ) )
+    if (!SvtSecurityOptions().isSecureMacroUri(aFileName, aReferer))
     {
         SfxErrorContext aCtx( ERRCTX_SFX_OPENDOC, aFileName );
         ErrorHandler::HandleError( ERRCODE_IO_ACCESSDENIED );
diff --git a/unotools/source/config/securityoptions.cxx b/unotools/source/config/securityoptions.cxx
index efcb2a1..2271219 100644
--- a/unotools/source/config/securityoptions.cxx
+++ b/unotools/source/config/securityoptions.cxx
@@ -28,7 +28,6 @@
 #include <com/sun/star/beans/PropertyValue.hpp>
 #include <comphelper/sequenceasvector.hxx>
 #include <tools/urlobj.hxx>
-#include <tools/wldcrd.hxx>
 
 #include <unotools/pathoptions.hxx>
 
@@ -175,8 +174,6 @@ class SvtSecurityOptions_Impl : public ConfigItem
 
         Sequence< OUString >    GetSecureURLs   (                                                       ) const ;
         void                    SetSecureURLs   (   const   Sequence< OUString >&   seqURLList          )       ;
-        sal_Bool                IsSecureURL     (   const   OUString&               sURL,
-                                                    const   OUString&               sReferer            ) const ;
         inline sal_Int32        GetMacroSecurityLevel   (                                               ) const ;
         void                    SetMacroSecurityLevel   ( sal_Int32 _nLevel                             )       ;
 
@@ -188,7 +185,6 @@ class SvtSecurityOptions_Impl : public ConfigItem
         sal_Bool                IsOptionSet     ( SvtSecurityOptions::EOption eOption                   ) const ;
         sal_Bool                SetOption       ( SvtSecurityOptions::EOption eOption, sal_Bool bValue  )       ;
         sal_Bool                IsOptionEnabled ( SvtSecurityOptions::EOption eOption                   ) const ;
-private:
 
         /*-****************************************************************************************************//**
             @short      return list of key names of ouer configuration management which represent our module tree
@@ -864,55 +860,6 @@ void SvtSecurityOptions_Impl::SetSecureURLs( const Sequence< OUString >& seqURLL
     }
 }
 
-sal_Bool SvtSecurityOptions_Impl::IsSecureURL(  const   OUString&   sURL    ,
-                                                const   OUString&   sReferer) const
-{
-    sal_Bool bState = sal_False;
-
-    // Check for uncritical protocols first
-    // All protocols different from "macro..." and "slot..." are secure per definition and must not be checked.
-    // "macro://#..." means AppBasic macros that are considered safe
-    INetURLObject   aURL        ( sURL );
-    INetProtocol    aProtocol   = aURL.GetProtocol();
-
-    // All other URLs must checked in combination with referer and internal information about security
-    if ( (aProtocol != INET_PROT_MACRO && aProtocol !=  INET_PROT_SLOT) ||
-         aURL.GetMainURL( INetURLObject::NO_DECODE ).matchIgnoreAsciiCaseAsciiL( "macro:///", 9 ) == 0)
-    {
-        // security check only for "macro" ( without app basic ) or "slot" protocols
-        bState = sal_True;
-    }
-    else
-    {
-        //  check list of allowed URL patterns
-        // Trusted referer given?
-        // NO  => bState will be false per default
-        // YES => search for it in our internal url list
-        if( !sReferer.isEmpty() )
-        {
-            // Search in internal list
-            OUString sRef = sReferer.toAsciiLowerCase();
-            sal_uInt32 nCount = m_seqSecureURLs.getLength();
-            for( sal_uInt32 nItem=0; nItem<nCount; ++nItem )
-            {
-                OUString sCheckURL = m_seqSecureURLs[nItem].toAsciiLowerCase();
-                sCheckURL += "*";
-                if( WildCard( sCheckURL ).Matches( sRef ) == sal_True )
-                {
-                    bState = sal_True;
-                    break;
-                }
-            }
-
-            if ( !bState )
-                bState = sRef.compareToAscii("private:user") == 0;
-        }
-    }
-
-    // Return result of operation.
-    return bState;
-}
-
 inline sal_Int32 SvtSecurityOptions_Impl::GetMacroSecurityLevel() const
 {
     return m_nSecLevel;
@@ -1082,11 +1029,39 @@ void SvtSecurityOptions::SetSecureURLs( const Sequence< OUString >& seqURLList )
     m_pDataContainer->SetSecureURLs( seqURLList );
 }
 
-sal_Bool SvtSecurityOptions::IsSecureURL(   const   OUString&   sURL        ,
-                                            const   OUString&   sReferer    ) const
+bool SvtSecurityOptions::isSecureMacroUri(
+    OUString const & uri, OUString const & referer) const
 {
-    MutexGuard aGuard( GetInitMutex() );
-    return m_pDataContainer->IsSecureURL( sURL, sReferer );
+    switch (INetURLObject(uri).GetProtocol()) {
+    case INET_PROT_MACRO:
+        if (uri.startsWithIgnoreAsciiCase("macro:///")) {
+            // Denotes an App-BASIC macro (see SfxMacroLoader::loadMacro), which
+            // is considered safe:
+            return true;
+        }
+        // fall through
+    case INET_PROT_SLOT:
+        if (referer.equalsIgnoreAsciiCase("private:user")) {
+            return true;
+        }
+        {
+            MutexGuard g(GetInitMutex());
+            for (sal_Int32 i = 0;
+                 i != m_pDataContainer->m_seqSecureURLs.getLength(); ++i)
+            {
+                OUString pref(m_pDataContainer->m_seqSecureURLs[i]);
+                pref.endsWith("/", &pref);
+                if (referer.equalsIgnoreAsciiCase(pref)
+                    || referer.startsWithIgnoreAsciiCase(pref + "/"))
+                {
+                    return true;
+                }
+            }
+            return false;
+        }
+    default:
+        return true;
+    }
 }
 
 sal_Int32 SvtSecurityOptions::GetMacroSecurityLevel() const


More information about the Libreoffice-commits mailing list