content-hub

Merge lp:~ken-vandine/content-hub/url-dispatcher into lp:content-hub

  1. url-dispatcher
  2. Merge into trunk
Proposed by Ken VanDine
Status: Merged
Approved by: Michael Sheldon
Approved revision: 209
Merged at revision: 209
Proposed branch: lp:~ken-vandine/content-hub/url-dispatcher
Merge into: lp:content-hub
Diff against target: 401 lines (+343/-0)
9 files modified
CMakeLists.txt (+1/-0)
debian/content-hub.install (+3/-0)
tools/CMakeLists.txt (+17/-0)
tools/send/CMakeLists.txt (+59/-0)
tools/send/autoexporter.cpp (+79/-0)
tools/send/autoexporter.h (+50/-0)
tools/send/content-hub-send.desktop (+9/-0)
tools/send/content-hub-send.url-dispatcher (+5/-0)
tools/send/exporter.cpp (+120/-0)
To merge this branch: bzr merge lp:~ken-vandine/content-hub/url-dispatcher
Reviewer Review Type Date Requested Status
Michael Sheldon (community) Approve
PS Jenkins bot continuous-integration Approve
Review via email: mp+259039@code.launchpad.net

Commit message

Added url-dispatcher integration. This allows export and share requests to be initiated by opening a url.

Description of the change

Added url-dispatcher integration. This allows export and share requests to be initiated by opening a url. For example, to create a share request to facebook you could open a url like:

"content:?pkg=com.ubuntu.developer.webapps.webapp-facebook&app=webapp-facebook&handler=share&url=http://www.ubuntu.com"

Parameters:
 * pkg - click package name (required)
 * app - click app name, ubuntu-app-launch will attempt to guess if not provided
 * ver - version of the click package, defaults to "current-user-version"
 * handler - export or share, defaults to defaults to "export"

A simple way to test this would be to run this from a shell:

url-dispatcher "content:?pkg=messaging-app&handler=share&url=http://www.ubuntu.com"

This will open the messaging-app and insert the link

File transfers are prohibited, for security reasons. So this only works for remote links and text shares.

To post a comment you must log in.
lp:~ken-vandine/content-hub/url-dispatcher updated
205. By Ken VanDine

tidy up a bit

206. By Ken VanDine

merged trunk

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:206
http://jenkins.qa.ubuntu.com/job/content-hub-ci/254/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-amd64-ci/50
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/50
        deb: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/50/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-i386-ci/50

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/content-hub-ci/254/rebuild

review: Approve (continuous-integration)
lp:~ken-vandine/content-hub/url-dispatcher updated
207. By Ken VanDine

Cleaned up appId creation and all text to be set

208. By Ken VanDine

white space cleanup

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:208
http://jenkins.qa.ubuntu.com/job/content-hub-ci/256/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-amd64-ci/52
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/52
        deb: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/52/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-i386-ci/52

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/content-hub-ci/256/rebuild

review: Approve (continuous-integration)
Revision history for this message
Ken VanDine (ken-vandine) wrote :

Are there any related MPs required for this MP to build/function as expected? Please list.

 * No

Is your branch in sync with latest trunk (e.g. bzr pull lp:trunk -> no changes)

 * Yes

Did you perform an exploratory manual test run of your code change and any related functionality on device or emulator?

 * Yes

Did you successfully run all tests found in your component's Test Plan (https://wiki.ubuntu.com/Process/Merges/TestPlan/content-hub) on device or emulator?

 * Yes, plus I ran the url-dispatcher test in the description. I'll add that to the test plan after this lands

If you changed the UI, was the change specified/approved by design?

 * No change

If you changed UI labels, did you update the pot file?

 * No change

If you changed the packaging (debian), did you add a core-dev as a reviewer to this MP?

 * There are packaging changes, I'm a core-dev

Revision history for this message
Michael Sheldon (michael-sheldon) wrote :

This doesn't appear to obey apparmor profiles, so as it stands this could potentially give unrestricted access to all files owned by the phablet user.

For example, creating a simple QML app that calls:

Qt.openUrlExternally("content:?pkg=com.ubuntu.developer.ken-vandine.hub-importer&url=file:///home/phablet/.ssh/known_hosts");

Will result in a user's SSH known_hosts file being sent to the hub-importer app (but potentially an app could be using this to send files directly back to itself and it could be grabbing much more important files if they exist, like ~/.ssh/id_rsa).

Unfortunately I don't think applying the apparmor profile of the app which called url-dispatcher will be enough either, as a malicious developer could create a website like http://mikeasoft.com/~mike/urlhack.php which does a header redirect to "content:?pkg=com.ubuntu.developer.ken-vandine.hub-importer&url=file:///home/phablet/.ssh/known_hosts". They would then call Qt.openUrlExternally("http://mikeasoft.com/~mike/urlhack.php") in their app, which would launch the webbrowser. The urlhack page would then cause the webbrowser to issue the request to the url-dispatcher instead of the originating app, and since the webbrowser is unconfined this would again provide a mechanism for accessing all of a user's files from a confined app.

review: Needs Fixing
lp:~ken-vandine/content-hub/url-dispatcher updated
209. By Ken VanDine

Don't support file transfers via url-dispatcher

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:209
http://jenkins.qa.ubuntu.com/job/content-hub-ci/257/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-amd64-ci/53
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/53
        deb: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/53/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-i386-ci/53

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/content-hub-ci/257/rebuild

review: Approve (continuous-integration)
Revision history for this message
Michael Sheldon (michael-sheldon) wrote :

Did you perform an exploratory manual test run of the code change and any related functionality on device or emulator?

 * Yes

Did CI run pass? If not, please explain why.

 * Yes

Have you checked that submitter has accurately filled out the submitter checklist and has taken no shortcut?

 * Yes

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'CMakeLists.txt'
--- CMakeLists.txt 2014-08-14 11:49:28 +0000
+++ CMakeLists.txt 2015-05-15 14:21:06 +0000
@@ -103,6 +103,7 @@
103add_subdirectory(import)103add_subdirectory(import)
104add_subdirectory(examples)104add_subdirectory(examples)
105add_subdirectory(tests)105add_subdirectory(tests)
106add_subdirectory(tools)
106107
107install(DIRECTORY include DESTINATION ${CMAKE_INSTALL_PREFIX})108install(DIRECTORY include DESTINATION ${CMAKE_INSTALL_PREFIX})
108109
109110
=== modified file 'debian/content-hub.install'
--- debian/content-hub.install 2014-11-18 14:59:03 +0000
+++ debian/content-hub.install 2015-05-15 14:21:06 +0000
@@ -1,6 +1,9 @@
1usr/bin/content-hub-send
1usr/bin/content-hub-service2usr/bin/content-hub-service
2usr/lib/*/content-hub3usr/lib/*/content-hub
3usr/share/click/hooks4usr/share/click/hooks
4usr/share/dbus-15usr/share/dbus-1
5usr/share/glib-2.0/schemas6usr/share/glib-2.0/schemas
6usr/share/locale/*/LC_MESSAGES/content-hub.mo7usr/share/locale/*/LC_MESSAGES/content-hub.mo
8usr/share/applications/content-hub-send.desktop
9usr/share/url-dispatcher/urls/content-hub-send.url-dispatcher
710
=== added directory 'tools'
=== added file 'tools/CMakeLists.txt'
--- tools/CMakeLists.txt 1970-01-01 00:00:00 +0000
+++ tools/CMakeLists.txt 2015-05-15 14:21:06 +0000
@@ -0,0 +1,17 @@
1# Copyright © 2015 Canonical Ltd.
2#
3# This program is free software: you can redistribute it and/or modify
4# it under the terms of the GNU General Public License version 3 as
5# published by the Free Software Foundation.
6#
7# This program is distributed in the hope that it will be useful,
8# but WITHOUT ANY WARRANTY; without even the implied warranty of
9# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10# GNU General Public License for more details.
11#
12# You should have received a copy of the GNU General Public License
13# along with this program. If not, see <http://www.gnu.org/licenses/>.
14#
15# Authored by: Ken VanDine <ken.vandine@canonical.com>
16
17add_subdirectory(send)
018
=== added directory 'tools/send'
=== added file 'tools/send/CMakeLists.txt'
--- tools/send/CMakeLists.txt 1970-01-01 00:00:00 +0000
+++ tools/send/CMakeLists.txt 2015-05-15 14:21:06 +0000
@@ -0,0 +1,59 @@
1# Copyright © 2015 Canonical Ltd.
2#
3# This program is free software: you can redistribute it and/or modify
4# it under the terms of the GNU General Public License version 3 as
5# published by the Free Software Foundation.
6#
7# This program is distributed in the hope that it will be useful,
8# but WITHOUT ANY WARRANTY; without even the implied warranty of
9# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10# GNU General Public License for more details.
11#
12# You should have received a copy of the GNU General Public License
13# along with this program. If not, see <http://www.gnu.org/licenses/>.
14#
15# Authored by: Ken VanDine <ken.vandine@canonical.com>
16
17include_directories(
18 ${CMAKE_CURRENT_BINARY_DIR}
19 ${CMAKE_SOURCE_DIR}/src/com/ubuntu/content
20 ${UBUNTU_LAUNCH_INCLUDE_DIRS}
21)
22
23add_executable(
24 content-hub-send
25
26 exporter.cpp
27 autoexporter.cpp
28 ${CMAKE_SOURCE_DIR}/src/com/ubuntu/content/debug.cpp
29)
30
31qt5_use_modules(content-hub-send Core Gui DBus)
32
33set_target_properties(
34 content-hub-send
35 PROPERTIES
36 AUTOMOC TRUE
37)
38
39target_link_libraries(
40 content-hub-send
41
42 content-hub
43 ${UBUNTU_LAUNCH_LDFLAGS}
44)
45
46install(
47 TARGETS content-hub-send
48 RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
49)
50
51install(
52 FILES content-hub-send.desktop
53 DESTINATION ${CMAKE_INSTALL_DATADIR}/applications
54)
55
56install(
57 FILES content-hub-send.url-dispatcher
58 DESTINATION share/url-dispatcher/urls
59)
060
=== added file 'tools/send/autoexporter.cpp'
--- tools/send/autoexporter.cpp 1970-01-01 00:00:00 +0000
+++ tools/send/autoexporter.cpp 2015-05-15 14:21:06 +0000
@@ -0,0 +1,79 @@
1/*
2 * Copyright (C) 2015 Canonical, Ltd.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; version 3.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 * Authored by: Ken VanDine <ken.vandine@canonical.com>
17 */
18
19#include "autoexporter.h"
20#include "debug.h"
21
22AutoExporter::AutoExporter()
23{
24 auto hub = cuc::Hub::Client::instance();
25 hub->register_import_export_handler(this);
26}
27
28void AutoExporter::setUrl(const QString& newUrl)
29{
30 url = newUrl;
31}
32
33void AutoExporter::setText(const QString& newText)
34{
35 text = newText;
36}
37
38void AutoExporter::handle_import(cuc::Transfer *transfer)
39{
40 TRACE() << Q_FUNC_INFO << "not implemented";
41 Q_UNUSED(transfer);
42}
43
44void AutoExporter::handle_export(cuc::Transfer *transfer)
45{
46 TRACE() << Q_FUNC_INFO;
47 if (transfer == nullptr) {
48 TRACE() << Q_FUNC_INFO << "Transfer null";
49 return;
50 }
51
52 cuc::Item item;
53
54 if (!url.isEmpty())
55 item.setUrl(QUrl(url));
56 if (!text.isEmpty())
57 item.setText(text);
58
59 QVector<cuc::Item> items;
60 items << item;
61 transfer->charge(items);
62 connect(transfer, SIGNAL(stateChanged()), this, SLOT(stateChanged()));
63 TRACE() << Q_FUNC_INFO << "Items:" << items.count();
64}
65
66void AutoExporter::handle_share(cuc::Transfer *transfer)
67{
68 TRACE() << Q_FUNC_INFO << "not implemented";
69 Q_UNUSED(transfer);
70}
71
72void AutoExporter::stateChanged()
73{
74 cuc::Transfer *transfer = static_cast<cuc::Transfer*>(sender());
75 TRACE() << Q_FUNC_INFO << "STATE:" << transfer->state();
76
77 if (transfer->state() == cuc::Transfer::collected)
78 QCoreApplication::instance()->quit();
79}
080
=== added file 'tools/send/autoexporter.h'
--- tools/send/autoexporter.h 1970-01-01 00:00:00 +0000
+++ tools/send/autoexporter.h 2015-05-15 14:21:06 +0000
@@ -0,0 +1,50 @@
1/*
2 * Copyright (C) 2015 Canonical, Ltd.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; version 3.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 * Authored by: Ken VanDine <ken.vandine@canonical.com>
17 */
18
19#ifndef AUTOEXPORTER_H
20#define AUTOEXPORTER_H
21
22#include <QObject>
23#include <QString>
24#include <com/ubuntu/content/hub.h>
25#include <com/ubuntu/content/transfer.h>
26#include <com/ubuntu/content/import_export_handler.h>
27
28namespace cuc = com::ubuntu::content;
29
30class AutoExporter : public cuc::ImportExportHandler
31{
32 Q_OBJECT
33
34public:
35 AutoExporter();
36
37public slots:
38 Q_INVOKABLE void handle_import(cuc::Transfer*);
39 Q_INVOKABLE void handle_export(cuc::Transfer*);
40 Q_INVOKABLE void handle_share(cuc::Transfer*);
41 Q_INVOKABLE void stateChanged();
42 void setUrl(const QString&);
43 void setText(const QString&);
44
45private:
46 QString url;
47 QString text;
48};
49
50#endif // AUTOEXPORTER_H
051
=== added file 'tools/send/content-hub-send.desktop'
--- tools/send/content-hub-send.desktop 1970-01-01 00:00:00 +0000
+++ tools/send/content-hub-send.desktop 2015-05-15 14:21:06 +0000
@@ -0,0 +1,9 @@
1[Desktop Entry]
2Name=Content Hub Send
3Comment=Content Hub Send
4Exec=content-hub-send %U
5Icon=
6Terminal=false
7Type=Application
8OnlyShowIn=Old
9X-Ubuntu-Touch=true
010
=== added file 'tools/send/content-hub-send.url-dispatcher'
--- tools/send/content-hub-send.url-dispatcher 1970-01-01 00:00:00 +0000
+++ tools/send/content-hub-send.url-dispatcher 2015-05-15 14:21:06 +0000
@@ -0,0 +1,5 @@
1[
2 {
3 "protocol": "content"
4 }
5]
06
=== added file 'tools/send/exporter.cpp'
--- tools/send/exporter.cpp 1970-01-01 00:00:00 +0000
+++ tools/send/exporter.cpp 2015-05-15 14:21:06 +0000
@@ -0,0 +1,120 @@
1/*
2 * Copyright (C) 2015 Canonical, Ltd.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; version 3.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 * Authored by: Ken VanDine <ken.vandine@canonical.com>
17 */
18
19#include <QCoreApplication>
20#include <QStringList>
21#include <QUrlQuery>
22#include <ubuntu-app-launch.h>
23
24#include "autoexporter.h"
25#include "debug.h"
26
27namespace cuc = com::ubuntu::content;
28
29int main(int argc, char *argv[])
30{
31 QCoreApplication a(argc, argv);
32 if (qgetenv("APP_ID").isEmpty()) {
33 qputenv("APP_ID", "content-hub-send-file");
34 }
35
36 /* read environment variables */
37 QProcessEnvironment environment = QProcessEnvironment::systemEnvironment();
38 if (environment.contains(QLatin1String("CONTENT_HUB_LOGGING_LEVEL"))) {
39 bool isOk;
40 int value = environment.value(
41 QLatin1String("CONTENT_HUB_LOGGING_LEVEL")).toInt(&isOk);
42 if (isOk)
43 setLoggingLevel(value);
44 }
45
46 std::string handler = "export";
47 QString url, text, appId;
48 gchar* pkg = NULL;
49 gchar* app = NULL;
50 gchar* ver = NULL;
51
52 /* URL handled looks like:
53 * content:?pkg=foo&app=bar&ver=0.1&url=path&text=text
54 * Only pkg is required.
55 */
56
57 QUrlQuery* query = new QUrlQuery(a.arguments().at(1).split("?").at(1));
58 TRACE() << "Handling URL:" << query->query();
59
60 if (query->hasQueryItem("pkg"))
61 pkg = g_strdup(query->queryItemValue("pkg").toStdString().c_str());
62 else {
63 qWarning() << "PKG is required";
64 return 1;
65 }
66 if (query->hasQueryItem("app"))
67 app = g_strdup(query->queryItemValue("app").toStdString().c_str());
68 if (query->hasQueryItem("ver"))
69 ver = g_strdup(query->queryItemValue("ver").toStdString().c_str());
70 if (query->hasQueryItem("handler"))
71 handler = query->queryItemValue("handler").toStdString();
72 url = query->queryItemValue("url");
73
74 /* Don't support file transfers via url-dispatcher
75 * it would allow unconfined access to any file simply
76 * by constructing an evil file url
77 */
78 if (url.startsWith("file")) {
79 qWarning() << "File transfers are not supported";
80 return 1;
81 }
82
83 text = query->queryItemValue("text");
84 TRACE() << "URL:" << url;
85 TRACE() << "PKG:" << pkg;
86 TRACE() << "APP:" << app;
87 TRACE() << "VER:" << ver;
88 TRACE() << "HANDLER:" << handler.c_str();
89
90 appId = QString::fromLocal8Bit(ubuntu_app_launch_triplet_to_app_id(pkg, app, ver));
91 if (appId.isNull())
92 appId = QString(pkg);
93
94 if (appId.isEmpty())
95 {
96 qWarning() << "Unable to determine peer";
97 return 1;
98 }
99
100 AutoExporter exporter;
101 if (!url.isEmpty())
102 exporter.setUrl(url);
103
104 if (!text.isEmpty())
105 exporter.setText(text);
106
107 TRACE() << "APP_ID:" << appId;
108
109 auto hub = cuc::Hub::Client::instance();
110 auto peer = cuc::Peer{appId};
111 if (handler == "share") {
112 auto transfer = hub->create_share_to_peer(peer);
113 exporter.handle_export(transfer);
114 } else {
115 auto transfer = hub->create_export_to_peer(peer);
116 exporter.handle_export(transfer);
117 }
118
119 return a.exec();
120}

Subscribers

People subscribed via source and target branches