status-mobile/src/status_im/utils/security.cljs

(ns status-im.utils.security
  (:require [status-im.utils.security-html :as h]))

(defprotocol Unmaskable
  ;; Retrieve the stored value.
  (unmask [this]))

;; MaskedData ensures that the object passed to it won't be accidentally printed
;; via println or log functions. Useful for holding sensitive data, such as
;; passwords, to avoid accidentally exposing them.
(deftype MaskedData [data]
  Object
  (toString [_] "******")
  ICounted
  (-count [^js this]
    (count (.-data this)))
  IEquiv
  (-equiv [this other]
    (if (instance? MaskedData other)
      (= (unmask this)
         (unmask other))
      false))
  Unmaskable
  (unmask [^js this]
    (.-data this)))

;; Returns a MaskedData instance that stores the piece of data.
(defn mask-data [data]
  (MaskedData. data))

(defn safe-unmask-data [data]
  (if (instance? MaskedData data)
    (unmask data)
    data))
[blame annotation for the lines below, commit dated 2019-11-07 13:41:37 +00:00, commit message:]

Render markdown

Fixes: https://github.com/status-im/trailofbits-audit/issues/47
Fixes: https://github.com/status-im/trailofbits-audit/issues/46
Fixes: https://github.com/status-im/trailofbits-audit/issues/44
Fixes: https://github.com/status-im/security-reports/issues/13
Fixes: https://github.com/status-im/security-reports/issues/5
Fixes: https://github.com/status-im/status-react/issues/8995

This commit re-introduces rendering of markdown text and implements a few changes:

1) Parsing of the message content is now in status-go; this includes markdown, line-count, and rtl. Parsing is not nested, as there's some rendering degradation involved as we nest components; unclear exactly if it's react-native or clojure, haven't looked too deeply into it.

2) Emoji type messages are now parsed on the sending side, not the receiving one, using the appropriate content-type.

3) Fixes a few issues with chat input rendering; currently we use the `chats/current-chat` subscription, which is very heavy and should not be used unless necessary, and means that any change to chat will trigger a re-render, which caused re-rendering of the input container on each received message. Also to note that input-container is fairly heavy to render, and it's rendered twice at each keypress on input.

The inline markdown supported is:
*italic* or _italic_
**bold** or __bold__
`inline code`
http://test.com links
\#status-tag

The block markdown supported is:
\# Headers
``` code blocks ```
> Quotereply

The styling is very basic at the moment, but can be improved. Adding other markdown (photo, mentions) is straightforward and should come at little performance cost (unless the component to render is heavy, i.e. a photo for example).

There are some behavioral changes with this commit:

1) Links are only parsed if starting with http:// or https://, meaning that blah.com won't be parsed, nor www.test.com. This behavior is consistent with discord for example and allows faster parsing at little expense to user experience imo. Fixes a few security issues as well.

2) Content is no longer capped (regression); that's due to the fact that before we only rendered text and react-native allowed us to easily limit the number of lines, but adding markdown support means that this strategy is not viable anymore. Performance of rendering doesn't seem to be very much impacted by this; I would re-introduce it if necessary, but I'd rather do that in a separate PR.

Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>

[end of blame annotation]

;; Links starting with javascript:// should not be handled at all
(def javascript-link-regex #"(?i)javascript://.*")

;; Anything with an rtlo character we don't handle, as it might be a spoofed url
(def rtlo-link-regex #".*\u202e.*")
(defn safe-link?
  "Check the link is safe to be handled: it is not a javascript link, does not
  contain an rtlo character (which might mean it is a spoofed url), and is not HTML."
  [link]
  (let [decoded-link (js/decodeURIComponent link)]
    (not (or (re-matches javascript-link-regex decoded-link)
             (re-matches rtlo-link-regex decoded-link)
             (h/is-html? decoded-link)))))
(defn safe-link-text?
  "Check the text of the message containing a link is safe to be handled
  and does not contain an rtlo character, which might mean that the url is spoofed"
  [text]
  (not (re-matches rtlo-link-regex text)))