Prevent upload from sensitive path

Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>

Author: tobiasKaminsky

app/src/androidTest/java/com/nextcloud/client/EndToEndRandomIT.java

@@ -85,8 +85,9 @@ public enum Action {
     private static ArbitraryDataProvider arbitraryDataProvider;
 
     private OCFile currentFolder;
-    private int actionCount = 20;
+    private final int actionCount = 20;
     private String rootEncFolder = "/e/";
+    private final String nonEmptyFileName = "nonEmpty.txt";
 
     @Rule
     public RetryTestRule retryTestRule = new RetryTestRule();
@@ -405,15 +406,17 @@ private void downloadFile(int i) {
     public void testUploadWithCopy() throws Exception {
         init();
 
-        OCUpload ocUpload = new OCUpload(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt",
-                                         currentFolder.getRemotePath() + "nonEmpty.txt",
+        OCUpload ocUpload = new OCUpload(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                             + nonEmptyFileName,
+                                         currentFolder.getRemotePath() + nonEmptyFileName,
                                          account.name);
 
         uploadOCUpload(ocUpload, FileUploader.LOCAL_BEHAVIOUR_COPY);
 
-        File originalFile = new File(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt");
+        File originalFile = new File(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                         + nonEmptyFileName);
         OCFile uploadedFile = fileDataStorageManager.getFileByDecryptedRemotePath(currentFolder.getRemotePath() +
-                                                                                      "nonEmpty.txt");
+                                                                                      nonEmptyFileName);
 
         assertTrue(originalFile.exists());
         assertTrue(new File(uploadedFile.getStoragePath()).exists());
@@ -423,15 +426,17 @@ public void testUploadWithCopy() throws Exception {
     public void testUploadWithMove() throws Exception {
         init();
 
-        OCUpload ocUpload = new OCUpload(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt",
-                                         currentFolder.getRemotePath() + "nonEmpty.txt",
+        OCUpload ocUpload = new OCUpload(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                             + nonEmptyFileName,
+                                         currentFolder.getRemotePath() + nonEmptyFileName,
                                          account.name);
 
         uploadOCUpload(ocUpload, FileUploader.LOCAL_BEHAVIOUR_MOVE);
 
-        File originalFile = new File(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt");
+        File originalFile = new File(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                         + nonEmptyFileName);
         OCFile uploadedFile = fileDataStorageManager.getFileByDecryptedRemotePath(currentFolder.getRemotePath() +
-                                                                                      "nonEmpty.txt");
+                                                                                      nonEmptyFileName);
 
         assertFalse(originalFile.exists());
         assertTrue(new File(uploadedFile.getStoragePath()).exists());
@@ -441,15 +446,17 @@ public void testUploadWithMove() throws Exception {
     public void testUploadWithForget() throws Exception {
         init();
 
-        OCUpload ocUpload = new OCUpload(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt",
-                                         currentFolder.getRemotePath() + "nonEmpty.txt",
+        OCUpload ocUpload = new OCUpload(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                             + nonEmptyFileName,
+                                         currentFolder.getRemotePath() + nonEmptyFileName,
                                          account.name);
 
         uploadOCUpload(ocUpload, FileUploader.LOCAL_BEHAVIOUR_FORGET);
 
-        File originalFile = new File(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt");
+        File originalFile = new File(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                         + nonEmptyFileName);
         OCFile uploadedFile = fileDataStorageManager.getFileByDecryptedRemotePath(currentFolder.getRemotePath() +
-                                                                                      "nonEmpty.txt");
+                                                                                      nonEmptyFileName);
 
         assertTrue(originalFile.exists());
         assertFalse(new File(uploadedFile.getStoragePath()).exists());
@@ -459,15 +466,17 @@ public void testUploadWithForget() throws Exception {
     public void testUploadWithDelete() throws Exception {
         init();
 
-        OCUpload ocUpload = new OCUpload(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt",
-                                         currentFolder.getRemotePath() + "nonEmpty.txt",
+        OCUpload ocUpload = new OCUpload(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                             + nonEmptyFileName,
+                                         currentFolder.getRemotePath() + nonEmptyFileName,
                                          account.name);
 
         uploadOCUpload(ocUpload, FileUploader.LOCAL_BEHAVIOUR_DELETE);
 
-        File originalFile = new File(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt");
+        File originalFile = new File(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                         + nonEmptyFileName);
         OCFile uploadedFile = fileDataStorageManager.getFileByDecryptedRemotePath(currentFolder.getRemotePath() +
-                                                                                      "nonEmpty.txt");
+                                                                                      nonEmptyFileName);
 
         assertFalse(originalFile.exists());
         assertFalse(new File(uploadedFile.getStoragePath()).exists());

app/src/androidTest/java/com/owncloud/android/AbstractIT.java

@@ -202,7 +202,7 @@ public void enableAccessibilityChecks() {
 
     @After
     public void after() {
-        fileDataStorageManager.removeLocalFiles(user, fileDataStorageManager);
+        fileDataStorageManager.removeLocalFiles(user, fileDataStorageManager, targetContext);
         fileDataStorageManager.deleteAllFiles();
     }
 
@@ -215,7 +215,7 @@ protected Account[] getAllAccounts() {
     }
 
     protected static void createDummyFiles() throws IOException {
-        File tempPath = new File(FileStorageUtils.getTemporalPath(account.name));
+        File tempPath = new File(FileStorageUtils.getInternalTemporalPath(account.name, targetContext));
         if (!tempPath.exists()) {
             assertTrue(tempPath.mkdirs());
         }
@@ -253,7 +253,7 @@ protected static File getDummyFile(String name) throws IOException {
     }
 
     public static File createFile(String name, int iteration) throws IOException {
-        File file = new File(FileStorageUtils.getTemporalPath(account.name) + File.separator + name);
+        File file = new File(FileStorageUtils.getInternalTemporalPath(account.name, targetContext) + File.separator + name);
         if (!file.getParentFile().exists()) {
             assertTrue(file.getParentFile().mkdirs());
         }

app/src/androidTest/java/com/owncloud/android/AbstractOnServerIT.java

@@ -30,8 +30,11 @@
 import com.owncloud.android.lib.resources.files.RemoveFileRemoteOperation;
 import com.owncloud.android.lib.resources.files.model.RemoteFile;
 import com.owncloud.android.operations.RefreshFolderOperation;
+import com.owncloud.android.operations.SynchronizeFolderOperation;
 import com.owncloud.android.operations.UploadFileOperation;
 
+import junit.framework.TestCase;
+
 import org.apache.commons.httpclient.HttpStatus;
 import org.apache.commons.httpclient.methods.GetMethod;
 import org.junit.After;
@@ -227,8 +230,19 @@ public boolean isPowerSavingExclusionAvailable() {
         RemoteOperationResult result = newUpload.execute(client);
         assertTrue(result.getLogMessage(), result.isSuccess());
 
-        OCFile parentFolder = getStorageManager()
-            .getFileByEncryptedRemotePath(new File(ocUpload.getRemotePath()).getParent() + "/");
+        String parentFolderPath = (new File(ocUpload.getRemotePath()).getParent() + "/").replaceAll("//", "/");
+
+        OCFile parentFolder = getStorageManager().getFileByEncryptedRemotePath(parentFolderPath);
+
+        // Sync parent folder
+        TestCase.assertTrue(new SynchronizeFolderOperation(targetContext,
+                                                           parentFolderPath,
+                                                           user,
+                                                           System.currentTimeMillis(),
+                                                           fileDataStorageManager)
+                                .execute(targetContext)
+                                .isSuccess());
+
         String uploadedFileName = new File(ocUpload.getRemotePath()).getName();
         OCFile uploadedFile = getStorageManager().
             getFileByDecryptedRemotePath(parentFolder.getDecryptedRemotePath() + uploadedFileName);

app/src/androidTest/java/com/owncloud/android/DownloadIT.java

@@ -73,13 +73,15 @@ public void after() {
 
     @Test
     public void verifyDownload() {
-        OCUpload ocUpload = new OCUpload(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt",
+        OCUpload ocUpload = new OCUpload(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                             + "/nonEmpty.txt",
                                          FOLDER + "nonEmpty.txt",
                                          account.name);
 
         uploadOCUpload(ocUpload);
 
-        OCUpload ocUpload2 = new OCUpload(FileStorageUtils.getTemporalPath(account.name) + "/nonEmpty.txt",
+        OCUpload ocUpload2 = new OCUpload(FileStorageUtils.getInternalTemporalPath(account.name, targetContext)
+                                              + "/nonEmpty.txt",
                                           FOLDER + "nonEmpty2.txt",
                                           account.name);
 

app/src/androidTest/java/com/owncloud/android/FileIT.java

@@ -7,6 +7,7 @@
 import com.owncloud.android.operations.RenameFileOperation;
 import com.owncloud.android.operations.SynchronizeFolderOperation;
 import com.owncloud.android.operations.common.SyncOperation;
+import com.owncloud.android.utils.FileStorageUtils;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -118,7 +119,11 @@ public void testRenameFolder() throws IOException {
 
         // Rename
         assertTrue(
-            new RenameFileOperation(folderPath, "test123", fileDataStorageManager)
+            new RenameFileOperation(folderPath,
+                                    "test123",
+                                    fileDataStorageManager,
+                                    FileStorageUtils.getInternalTemporalPath("", targetContext)
+            )
                 .execute(targetContext)
                 .isSuccess()
                   );