Fix evil encrypted file event with null url
This commit is contained in:
parent
baf024af84
commit
9a33ba3ed2
3 changed files with 92 additions and 6 deletions
|
@ -539,15 +539,15 @@ async function eventToMessage(event, guild, di) {
|
|||
if (event.type === "m.room.message" && (event.content.msgtype === "m.file" || event.content.msgtype === "m.video" || event.content.msgtype === "m.audio" || event.content.msgtype === "m.image")) {
|
||||
content = ""
|
||||
const filename = event.content.filename || event.content.body
|
||||
if ("url" in event.content) {
|
||||
// Unencrypted
|
||||
attachments.push({id: "0", filename})
|
||||
pendingFiles.push({name: filename, mxc: event.content.url})
|
||||
} else {
|
||||
if ("file" in event.content) {
|
||||
// Encrypted
|
||||
assert.equal(event.content.file.key.alg, "A256CTR")
|
||||
attachments.push({id: "0", filename})
|
||||
pendingFiles.push({name: filename, mxc: event.content.file.url, key: event.content.file.key.k, iv: event.content.file.iv})
|
||||
} else {
|
||||
// Unencrypted
|
||||
attachments.push({id: "0", filename})
|
||||
pendingFiles.push({name: filename, mxc: event.content.url})
|
||||
}
|
||||
// Check if we also need to process a text event for this image - if it has a caption that's different from its filename
|
||||
if ((event.content.body && event.content.filename && event.content.body !== event.content.filename) || event.content.formatted_body) {
|
||||
|
|
|
@ -3956,6 +3956,91 @@ test("event2message: encrypted image attachments work", async t => {
|
|||
)
|
||||
})
|
||||
|
||||
test("event2message: evil encrypted image attachment works", async t => {
|
||||
t.deepEqual(
|
||||
await eventToMessage({
|
||||
sender: "@austin:tchncs.de",
|
||||
type: "m.room.message",
|
||||
content: {
|
||||
body: "Screenshot 2025-06-29 at 13.36.46.png",
|
||||
file: {
|
||||
hashes: {
|
||||
sha256: "Vh1apd8wSFu/BpUdQbIrKUzFB0Uu+l1octgZL+aVGTQ"
|
||||
},
|
||||
iv: "sd33K7pSZNMAAAAAAAAAAA",
|
||||
key: {
|
||||
alg: "A256CTR",
|
||||
ext: true,
|
||||
k: "-nyqk1eqI-g-ND59P9qHp310-Qyc2A5gSAYm1BxopSg",
|
||||
key_ops: [
|
||||
"encrypt",
|
||||
"decrypt"
|
||||
],
|
||||
kty: "oct"
|
||||
},
|
||||
url: "mxc://tchncs.de/eac5f83fa97cd74062daf75dfa04d6e5356897281939377544214085632",
|
||||
v: "v2"
|
||||
},
|
||||
info: {
|
||||
h: 682,
|
||||
mimetype: "image/png",
|
||||
"org.matrix.msc4230.is_animated": false,
|
||||
size: 1813154,
|
||||
thumbnail_file: {
|
||||
hashes: {
|
||||
sha256: "o3xykQwfsTUf5Y8qP5fjT7qBv5lAT3rtkmPpise5eQw"
|
||||
},
|
||||
iv: "SNxIZsJkju4AAAAAAAAAAA",
|
||||
key: {
|
||||
alg: "A256CTR",
|
||||
ext: true,
|
||||
k: "CcibYjzzSDexOWBbcBh_kCDiLibg8vUZthz5CnxV0es",
|
||||
key_ops: [
|
||||
"encrypt",
|
||||
"decrypt"
|
||||
],
|
||||
kty: "oct"
|
||||
},
|
||||
url: "mxc://tchncs.de/ecd811d913ed1b240ebfc81517a5de2c3a1e9d401939377537079574528",
|
||||
v: "v2"
|
||||
},
|
||||
thumbnail_info: {
|
||||
h: 600,
|
||||
mimetype: "image/png",
|
||||
size: 451773,
|
||||
w: 507
|
||||
},
|
||||
thumbnail_url: null,
|
||||
w: 577,
|
||||
"xyz.amorgan.blurhash": "TqN1Ais=t1~qRjWFxURiWCM{ofof"
|
||||
},
|
||||
"m.mentions": {},
|
||||
msgtype: "m.image",
|
||||
url: null
|
||||
},
|
||||
event_id: "$UKMbzTlqlyLYN78utVEtiivABFvOe39nx5trHwqNmeQ",
|
||||
room_id: "!iSyXgNxQcEuXoXpsSn:pussthecat.org"
|
||||
}),
|
||||
{
|
||||
ensureJoined: [],
|
||||
messagesToDelete: [],
|
||||
messagesToEdit: [],
|
||||
messagesToSend: [{
|
||||
username: "Austin Huang",
|
||||
content: "",
|
||||
avatar_url: "https://bridge.example.org/download/matrix/tchncs.de/090a2b5e07eed2f71e84edad5207221e6c8f8b8e",
|
||||
attachments: [{id: "0", filename: "Screenshot 2025-06-29 at 13.36.46.png"}],
|
||||
pendingFiles: [{
|
||||
name: "Screenshot 2025-06-29 at 13.36.46.png",
|
||||
mxc: "mxc://tchncs.de/eac5f83fa97cd74062daf75dfa04d6e5356897281939377544214085632",
|
||||
key: "-nyqk1eqI-g-ND59P9qHp310-Qyc2A5gSAYm1BxopSg",
|
||||
iv: "sd33K7pSZNMAAAAAAAAAAA"
|
||||
}]
|
||||
}]
|
||||
}
|
||||
)
|
||||
})
|
||||
|
||||
test("event2message: stickers work", async t => {
|
||||
t.deepEqual(
|
||||
await eventToMessage({
|
||||
|
|
|
@ -160,7 +160,8 @@ INSERT INTO member_cache (room_id, mxid, displayname, avatar_url, power_level) V
|
|||
('!TqlyQmifxGUggEmdBN:cadence.moe', '@Milan:tchncs.de', 'Milan', NULL, 0),
|
||||
('!TqlyQmifxGUggEmdBN:cadence.moe', '@ampflower:matrix.org', 'Ampflower 🌺', 'mxc://cadence.moe/PRfhXYBTOalvgQYtmCLeUXko', 0),
|
||||
('!TqlyQmifxGUggEmdBN:cadence.moe', '@aflower:syndicated.gay', 'Rose', 'mxc://syndicated.gay/ZkBUPXCiXTjdJvONpLJmcbKP', 0),
|
||||
('!TqlyQmifxGUggEmdBN:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 0);
|
||||
('!TqlyQmifxGUggEmdBN:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 0),
|
||||
('!iSyXgNxQcEuXoXpsSn:pussthecat.org', '@austin:tchncs.de', 'Austin Huang', 'mxc://tchncs.de/090a2b5e07eed2f71e84edad5207221e6c8f8b8e', 0);
|
||||
|
||||
INSERT INTO reaction (hashed_event_id, message_id, encoded_emoji) VALUES
|
||||
(5162930312280790092, '1141501302736695317', '%F0%9F%90%88');
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue