wireapp · yamilmedina · May 12, 2025 · May 8, 2025 · May 8, 2025 · May 8, 2025
diff --git a/app/src/main/kotlin/com/wire/android/WireApplication.kt b/app/src/main/kotlin/com/wire/android/WireApplication.kt
@@ -154,6 +154,7 @@
             )
             StrictMode.setVmPolicy(
                 StrictMode.VmPolicy.Builder()
+                    .detectFileUriExposure()
                     .detectLeakedSqlLiteObjects()
                     .detectLeakedClosableObjects()
                     .penaltyLog()

diff --git a/app/src/main/kotlin/com/wire/android/ui/home/conversations/usecase/HandleUriAssetUseCase.kt b/app/src/main/kotlin/com/wire/android/ui/home/conversations/usecase/HandleUriAssetUseCase.kt
@@ -40,6 +40,10 @@
         saveToDeviceIfInvalid: Boolean = false,
         specifiedMimeType: String? = null, // specify a particular mimetype, otherwise it will be taken from the uri / file extension
     ): Result = withContext(dispatchers.io()) {
+        if (!isValidUriSchema(uri)) {
+            return@withContext Result.Failure.Unknown
+        }
+
         val tempAssetPath = kaliumFileSystem.tempFilePath(UUID.randomUUID().toString())
         val assetBundle = fileManager.getAssetBundleFromUri(
             attachmentUri = uri,
@@ -72,6 +76,19 @@
         }
     }
 
+    /**
+     * Handles the correctness of the supported schema of the URI.
+     */
+    @Suppress("TooGenericExceptionCaught")
+    private fun isValidUriSchema(uri: Uri): Boolean {
+        return try {
+            fileManager.checkValidSchema(uri)
+            true
+        } catch (e: Exception) {
+            false
+        }
+    }
+
     companion object {
         private const val sizeOf1MB = 1024 * 1024
     }

diff --git a/.../main/kotlin/com/wire/android/ui/home/messagecomposer/recordaudio/RecordAudioViewModel.kt b/.../main/kotlin/com/wire/android/ui/home/messagecomposer/recordaudio/RecordAudioViewModel.kt
@@ -21,7 +21,6 @@
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.setValue
-import androidx.core.net.toUri
 import androidx.lifecycle.ViewModel
 import androidx.lifecycle.viewModelScope
 import com.wire.android.appLogger
@@ -37,6 +36,7 @@
 import com.wire.android.util.SUPPORTED_AUDIO_MIME_TYPE
 import com.wire.android.util.dispatchers.DispatcherProvider
 import com.wire.android.util.fileDateTime
+import com.wire.android.util.fromNioPathToContentUri
 import com.wire.android.util.getAudioLengthInMs
 import com.wire.android.util.ui.UIText
 import com.wire.kalium.logic.data.asset.KaliumFileSystem
@@ -321,12 +321,12 @@
             onAudioRecorded(
                 UriAsset(
                     uri = if (didSucceed) {
-                        audioMediaRecorder.mp4OutputPath!!.toFile().toUri()
+                        context.fromNioPathToContentUri(nioPath = audioMediaRecorder.mp4OutputPath!!.toNioPath())
                     } else {
                         if (state.shouldApplyEffects) {
-                            state.effectsOutputFile!!.toUri()
+                            context.fromNioPathToContentUri(nioPath = state.effectsOutputFile!!.toPath())
                         } else {
-                            state.originalOutputFile!!.toUri()
+                            context.fromNioPathToContentUri(nioPath = state.originalOutputFile!!.toPath())
                         }
                     },
                     mimeType = if (didSucceed) {

diff --git a/app/src/main/kotlin/com/wire/android/util/FileManager.kt b/app/src/main/kotlin/com/wire/android/util/FileManager.kt
@@ -113,6 +113,8 @@
         dispatcher: DispatcherProvider = DefaultDispatcherProvider(),
     ): AssetBundle? = withContext(dispatcher.io()) {
         try {
+            // validate if the uri has a valid schema
+            checkValidSchema(attachmentUri)
             val assetKey = UUID.randomUUID().toString()
             val assetFileName = context.getFileName(attachmentUri)
                 ?: throw IOException("The selected asset has an invalid name")
@@ -137,8 +139,20 @@
         }
     }
 
+    /**
+     * Validates the schema of the given Uri.
+     * We are excluding file, as we don't process file URIs.
+     *
+     * If invalid schema is found, an [IllegalArgumentException] is thrown.
+     */
+    fun checkValidSchema(uri: Uri) {
+        appLogger.d("Validating Uri schema for path: ${uri.path} with scheme: ${uri.scheme}")
+        if (INVALID_SCHEMA.equals(uri.scheme, ignoreCase = true)) throw IllegalArgumentException("File URI is not supported")
+    }
+
     companion object {
         private const val TEMP_IMG_ATTACHMENT_FILENAME = "image_attachment.jpg"
         private const val TEMP_VIDEO_ATTACHMENT_FILENAME = "video_attachment.mp4"
+        private const val INVALID_SCHEMA = "file"
     }
 }
diff --git a/app/src/main/kotlin/com/wire/android/util/FileUtil.kt b/app/src/main/kotlin/com/wire/android/util/FileUtil.kt
@@ -56,6 +56,7 @@
 import kotlinx.coroutines.withContext
 import kotlinx.serialization.json.Json
 import okio.Path
+import okio.Path.Companion.toOkioPath
 import java.io.File
 import java.io.FileNotFoundException
 import java.io.IOException
@@ -179,6 +180,8 @@
     return insertedUri
 }
 
+fun Context.fromNioPathToContentUri(nioPath: java.nio.file.Path): Uri = this.pathToUri(nioPath.toOkioPath(), null)
+
 fun Context.pathToUri(assetDataPath: Path, assetName: String?): Uri =
     FileProvider.getUriForFile(this, getProviderAuthority(), assetDataPath.toFile(), assetName ?: assetDataPath.name)
 

diff --git a/...c/test/kotlin/com/wire/android/ui/home/conversations/usecase/HandleUriAssetUseCaseTest.kt b/...c/test/kotlin/com/wire/android/ui/home/conversations/usecase/HandleUriAssetUseCaseTest.kt
@@ -17,8 +17,9 @@
  */
 package com.wire.android.ui.home.conversations.usecase
 
+import android.app.Application
+import android.net.Uri
 import androidx.core.net.toUri
-import com.wire.android.config.CoroutineTestExtension
 import com.wire.android.config.TestDispatcherProvider
 import com.wire.android.framework.FakeKaliumFileSystem
 import com.wire.android.ui.home.conversations.model.AssetBundle
@@ -30,19 +31,40 @@ import io.mockk.MockKAnnotations
 import io.mockk.coEvery
 import io.mockk.coVerify
 import io.mockk.impl.annotations.MockK
-import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.test.StandardTestDispatcher
 import kotlinx.coroutines.test.runTest
 import okio.Path.Companion.toPath
-import org.junit.jupiter.api.Test
-import org.junit.jupiter.api.extension.ExtendWith
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.annotation.Config
 
-@OptIn(ExperimentalCoroutinesApi::class)
-@ExtendWith(CoroutineTestExtension::class)
+@RunWith(RobolectricTestRunner::class)
+@Config(application = Application::class)
 class HandleUriAssetUseCaseTest {
 
+    private val dispatcher = StandardTestDispatcher()
+
+    @Test
+    fun `given an invalid url schema, when invoked, then result should not succeed`() =
+        runTest(dispatcher) {
+            // Given
+            val limit = GetAssetSizeLimitUseCaseImpl.ASSET_SIZE_DEFAULT_LIMIT_BYTES
+            val (_, useCase) = Arrangement()
+                .withGetAssetSizeLimitUseCase(true, limit)
+                .withGetAssetBundleFromUri(null)
+                .arrange()
+
+            // When
+            val result = useCase.invoke(Uri.Builder().scheme("file").path("/data/asdasdasd.txt").build(), false)
+
+            // Then
+            assert(result is HandleUriAssetUseCase.Result.Failure.Unknown)
+        }
+
     @Test
     fun `given a user picks an image asset less than limit, when invoked, then result should succeed`() =
-        runTest {
+        runTest(dispatcher) {
             // Given
             val limit = GetAssetSizeLimitUseCaseImpl.ASSET_SIZE_DEFAULT_LIMIT_BYTES
             val mockedAttachment = AssetBundle(
@@ -67,7 +89,7 @@ class HandleUriAssetUseCaseTest {
 
     @Test
     fun `given a user picks an image asset larger than limit, when invoked, then result is asset too large failure`() =
-        runTest {
+        runTest(dispatcher) {
             // Given
             val limit = GetAssetSizeLimitUseCaseImpl.ASSET_SIZE_DEFAULT_LIMIT_BYTES
             val mockedAttachment = AssetBundle(
@@ -92,7 +114,7 @@ class HandleUriAssetUseCaseTest {
 
     @Test
     fun `given that a user picks too large asset that needs saving if invalid, when invoked, then saveToExternalMediaStorage is called`() =
-        runTest {
+        runTest(dispatcher) {
             // Given
             val limit = GetAssetSizeLimitUseCaseImpl.ASSET_SIZE_DEFAULT_LIMIT_BYTES
             val mockedAttachment = AssetBundle(
@@ -127,7 +149,7 @@ class HandleUriAssetUseCaseTest {
 
     @Test
     fun `given that a user picks asset, when getting uri returns null, then it should return error`() =
-        runTest {
+        runTest(dispatcher) {
             // Given
             val limit = GetAssetSizeLimitUseCaseImpl.ASSET_SIZE_DEFAULT_LIMIT_BYTES
             val (_, useCase) = Arrangement()

diff --git a/kalium b/kalium
+13 −13		logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt
+18 −35		logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/client/MLSClientManager.kt
+17 −34		.../src/commonMain/kotlin/com/wire/kalium/logic/feature/conversation/keyingmaterials/KeyingMaterialsManager.kt
+15 −29		logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/mlsmigration/MLSMigrationManager.kt
+56 −29		logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/MLSClientManagerTest.kt
+63 −37		...commonTest/kotlin/com/wire/kalium/logic/feature/conversation/keyingmaterials/KeyingMaterialsManagerTests.kt
+58 −25		logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/mlsmigration/MLSMigrationManagerTest.kt