aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-01-26 14:53:43 +0100
committerKim Alvefur <zash@zash.se>2021-01-26 14:53:43 +0100
commit456ca909e253ce26bf435619a91a3e1fa40f87dd (patch)
treeb7e61588f782a8ad2fc73a51164c672473da949c
parenta98f3a3e64d3ae74cb666310ad465c6066025fcb (diff)
downloadprosody-456ca909e253ce26bf435619a91a3e1fa40f87dd.tar.gz
prosody-456ca909e253ce26bf435619a91a3e1fa40f87dd.zip
mod_http_file_share: Add file type filter
Unlike mod_http_upload, this can't be bypassed by uploading with a different file extension.
-rw-r--r--plugins/mod_http_file_share.lua6
-rw-r--r--spec/scansion/http_upload.scs13
-rw-r--r--spec/scansion/prosody.cfg.lua1
3 files changed, 20 insertions, 0 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index d7ac904a..a4ac4693 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -29,6 +29,7 @@ local uploads = module:open_store("uploads", "archive");
local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
local external_base_url = module:get_option_string(module.name .. "_base_url");
local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
+local file_types = module:get_option_set(module.name .. "_allowed_file_types", {});
local access = module:get_option_set(module.name .. "_access", {});
@@ -44,6 +45,7 @@ module:add_extension(dataform {
local upload_errors = errors.init(module.name, namespace, {
access = { "auth"; "forbidden" };
filename = { "modify"; "bad-request", "Invalid filename" };
+ filetype = { "modify"; "not-acceptable", "File type not allowed" };
filesize = { "modify"; "not-acceptable"; "File too large";
st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); };
});
@@ -63,6 +65,10 @@ function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
return false, upload_errors.new("filesize");
end
+ if not ( file_types:empty() or file_types:contains(filetype) or file_types:contains(filetype:gsub("/.*", "/*")) ) then
+ return false, upload_errors.new("filetype");
+ end
+
return true;
end
diff --git a/spec/scansion/http_upload.scs b/spec/scansion/http_upload.scs
index 72552946..ab87ddee 100644
--- a/spec/scansion/http_upload.scs
+++ b/spec/scansion/http_upload.scs
@@ -50,6 +50,19 @@ Romeo receives:
</error>
</iq>
+Romeo sends:
+ <iq to='upload.localhost' type='get' id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' xml:lang='en'>
+ <request content-type='application/x-executable' filename='evil.exe' xmlns='urn:xmpp:http:upload:0' size='1000'/>
+ </iq>
+
+Romeo receives:
+ <iq id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' from='upload.localhost' type='error'>
+ <error type='modify'>
+ <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
+ <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File type not allowed</text>
+ </error>
+ </iq>
+
Romeo disconnects
# recording ended on 2021-01-27T22:10:46Z
diff --git a/spec/scansion/prosody.cfg.lua b/spec/scansion/prosody.cfg.lua
index d0964c05..3ed97e31 100644
--- a/spec/scansion/prosody.cfg.lua
+++ b/spec/scansion/prosody.cfg.lua
@@ -134,3 +134,4 @@ Component "pubsub.localhost" "pubsub"
Component "upload.localhost" "http_file_share"
http_file_share_size_limit = 10000000
+http_file_share_allowed_file_types = { "text/plain", "image/*" }