From 30be732ae81bdc10488fd19825aac0d8230947e2 Mon Sep 17 00:00:00 2001 From: Greyson Parrelli Date: Mon, 11 Jun 2018 10:38:11 -0700 Subject: [PATCH] Don't auto-download attachments from unknown contacts. --- .../securesms/jobs/AttachmentDownloadJob.java | 3 ++- .../securesms/util/AttachmentUtil.java | 18 +++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/org/thoughtcrime/securesms/jobs/AttachmentDownloadJob.java b/src/org/thoughtcrime/securesms/jobs/AttachmentDownloadJob.java index 4f66c695f0..369d3d5ed9 100644 --- a/src/org/thoughtcrime/securesms/jobs/AttachmentDownloadJob.java +++ b/src/org/thoughtcrime/securesms/jobs/AttachmentDownloadJob.java @@ -8,6 +8,7 @@ import android.util.Log; import org.greenrobot.eventbus.EventBus; import org.thoughtcrime.securesms.attachments.Attachment; import org.thoughtcrime.securesms.attachments.AttachmentId; +import org.thoughtcrime.securesms.attachments.DatabaseAttachment; import org.thoughtcrime.securesms.crypto.MasterSecret; import org.thoughtcrime.securesms.database.AttachmentDatabase; import org.thoughtcrime.securesms.database.DatabaseFactory; @@ -69,7 +70,7 @@ public class AttachmentDownloadJob extends MasterSecretJob implements Injectable public void onRun(MasterSecret masterSecret) throws IOException { final AttachmentDatabase database = DatabaseFactory.getAttachmentDatabase(context); final AttachmentId attachmentId = new AttachmentId(partRowId, partUniqueId); - final Attachment attachment = database.getAttachment(attachmentId); + final DatabaseAttachment attachment = database.getAttachment(attachmentId); if (attachment == null) { Log.w(TAG, "attachment no longer exists."); diff --git a/src/org/thoughtcrime/securesms/util/AttachmentUtil.java b/src/org/thoughtcrime/securesms/util/AttachmentUtil.java index 4975594913..9946bb99a7 100644 --- a/src/org/thoughtcrime/securesms/util/AttachmentUtil.java +++ b/src/org/thoughtcrime/securesms/util/AttachmentUtil.java @@ -2,6 +2,7 @@ package org.thoughtcrime.securesms.util; import android.content.Context; +import android.database.Cursor; import android.net.ConnectivityManager; import android.net.NetworkInfo; import android.support.annotation.NonNull; @@ -14,6 +15,7 @@ import org.thoughtcrime.securesms.attachments.Attachment; import org.thoughtcrime.securesms.attachments.AttachmentId; import org.thoughtcrime.securesms.attachments.DatabaseAttachment; import org.thoughtcrime.securesms.database.DatabaseFactory; +import org.thoughtcrime.securesms.database.model.MessageRecord; import java.util.Collections; import java.util.Set; @@ -22,12 +24,16 @@ public class AttachmentUtil { private static final String TAG = AttachmentUtil.class.getSimpleName(); - public static boolean isAutoDownloadPermitted(@NonNull Context context, @Nullable Attachment attachment) { + public static boolean isAutoDownloadPermitted(@NonNull Context context, @Nullable DatabaseAttachment attachment) { if (attachment == null) { Log.w(TAG, "attachment was null, returning vacuous true"); return true; } + if (isFromUnknownContact(context, attachment)) { + return false; + } + Set allowedTypes = getAllowedAutoDownloadTypes(context); String contentType = attachment.getContentType(); @@ -94,5 +100,15 @@ public class AttachmentUtil { return info != null && info.isConnected() && info.isRoaming() && info.getType() == ConnectivityManager.TYPE_MOBILE; } + private static boolean isFromUnknownContact(@NonNull Context context, @NonNull DatabaseAttachment attachment) { + try (Cursor messageCursor = DatabaseFactory.getMmsDatabase(context).getMessage(attachment.getMmsId())) { + final MessageRecord message = DatabaseFactory.getMmsDatabase(context).readerFor(messageCursor).getNext(); + if (message == null || !message.getRecipient().isSystemContact()) { + return true; + } + } + + return false; + } }