[grilo-plugins] lua-factory: Block plain text queries when source doesn't advertise it

From: Bastien Nocera <hadess src gnome org>
To: commits-list gnome org
Cc:
Subject: [grilo-plugins] lua-factory: Block plain text queries when source doesn't advertise it
Date: Fri, 17 Jul 2015 12:18:26 +0000 (UTC)

commit 975a8101fda913fb86bfd1cb94c8b2c8004f78df
Author: Bastien Nocera <hadess hadess net>
Date:   Thu Jul 2 12:46:20 2015 +0200

    lua-factory: Block plain text queries when source doesn't advertise it
    
    To avoid sources from doing plain text queries without advertising them,
    verify the schemes used by the URLs passed to grl.fetch.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=747953

 src/lua-factory/grl-lua-library.c |   33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)
---
diff --git a/src/lua-factory/grl-lua-library.c b/src/lua-factory/grl-lua-library.c
index 10c253a..de41a87 100644
--- a/src/lua-factory/grl-lua-library.c
+++ b/src/lua-factory/grl-lua-library.c
@@ -187,6 +187,31 @@ grl_data_set_lua_string (GrlData    *data,
   }
 }
 
+static gboolean
+verify_plaintext_fetch (GrlSource  *source,
+                        char      **urls,
+                        guint       num_urls)
+{
+  const char **tags;
+  gboolean has_plaintext_tag;
+  guint i;
+
+  tags = grl_source_get_tags (source);
+  has_plaintext_tag = (tags && g_strv_contains (tags, "net:plaintext"));
+
+  /* No need to verify the URLs, the source is saying that they do
+   * plaintext queries, so nothing for us to block */
+  if (has_plaintext_tag)
+    return TRUE;
+
+  for (i = 0; i < num_urls; i++) {
+    if (g_str_has_prefix (urls[i], "http:"))
+      return FALSE;
+  }
+
+  return TRUE;
+}
+
 /* Top of the stack must be a table */
 static void
 grl_util_add_table_to_media (lua_State *L,
@@ -939,6 +964,14 @@ grl_l_fetch (lua_State *L)
     }
   }
 
+  if (!verify_plaintext_fetch (os->source, urls, num_urls)) {
+    GRL_WARNING ("Source '%s' is broken, it makes plaintext network queries but "
+                 "does not set the 'net:plaintext' tag", grl_source_get_id (os->source));
+    g_free (urls);
+    os->pending_ops--;
+    return 1;
+  }
+
   lua_callback = lua_tolstring (L, 2, NULL);
 
   wc = net_wc_new_with_options(L, 3);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]