fix(GODT-3229): escape reserved XML characters in Apple configuration profile.
This commit is contained in:
parent
bfde96dc88
commit
97fc964467
|
@ -21,6 +21,7 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
|
"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
|
||||||
|
@ -70,24 +71,24 @@ func prepareMobileConfig(
|
||||||
password []byte,
|
password []byte,
|
||||||
) *mobileconfig.Config {
|
) *mobileconfig.Config {
|
||||||
return &mobileconfig.Config{
|
return &mobileconfig.Config{
|
||||||
DisplayName: username,
|
DisplayName: escapeXMLString(username),
|
||||||
EmailAddress: addresses,
|
EmailAddress: escapeXMLString(addresses),
|
||||||
AccountName: displayName,
|
AccountName: escapeXMLString(displayName),
|
||||||
AccountDescription: username,
|
AccountDescription: escapeXMLString(username),
|
||||||
Identifier: "protonmail " + username + strconv.FormatInt(time.Now().Unix(), 10),
|
Identifier: escapeXMLString("protonmail " + username + strconv.FormatInt(time.Now().Unix(), 10)),
|
||||||
IMAP: &mobileconfig.IMAP{
|
IMAP: &mobileconfig.IMAP{
|
||||||
Hostname: hostname,
|
Hostname: escapeXMLString(hostname),
|
||||||
Port: imapPort,
|
Port: imapPort,
|
||||||
TLS: imapSSL,
|
TLS: imapSSL,
|
||||||
Username: username,
|
Username: escapeXMLString(username),
|
||||||
Password: string(password),
|
Password: escapeXMLString(string(password)),
|
||||||
},
|
},
|
||||||
SMTP: &mobileconfig.SMTP{
|
SMTP: &mobileconfig.SMTP{
|
||||||
Hostname: hostname,
|
Hostname: escapeXMLString(hostname),
|
||||||
Port: smtpPort,
|
Port: smtpPort,
|
||||||
TLS: smtpSSL,
|
TLS: smtpSSL,
|
||||||
Username: username,
|
Username: escapeXMLString(username),
|
||||||
Password: string(password),
|
Password: escapeXMLString(string(password)),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -121,3 +122,13 @@ func saveConfigTemporarily(mc *mobileconfig.Config) (fname string, err error) {
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// escapeXMLString replace all occurrences of the 5 characters `&`, `<`, `>`, `"` and `'` by their respective escaped version as per the XML spec.
|
||||||
|
// https://www.w3.org/TR/xml/#syntax
|
||||||
|
func escapeXMLString(input string) string {
|
||||||
|
result := strings.ReplaceAll(input, `&`, `&`)
|
||||||
|
result = strings.ReplaceAll(result, `<`, `<`)
|
||||||
|
result = strings.ReplaceAll(result, `>`, `>`)
|
||||||
|
result = strings.ReplaceAll(result, `"`, `"`)
|
||||||
|
return strings.ReplaceAll(result, `'`, `'`)
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
// Copyright (c) 2024 Proton AG
|
||||||
|
//
|
||||||
|
// This file is part of Proton Mail Bridge.
|
||||||
|
//
|
||||||
|
// Proton Mail Bridge is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// Proton Mail Bridge is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU General Public License
|
||||||
|
// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
//go:build darwin
|
||||||
|
|
||||||
|
package clientconfig
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestEscapeXMLString(t *testing.T) {
|
||||||
|
require.Equal(t, escapeXMLString(`abc&&''""<<>>def`), `abc&&''""<<>>def`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// This test requires human interaction (user configuration profile installation prompt). It is for debugging purpose and is disabled by default.
|
||||||
|
func _TestInstallCert(t *testing.T) { //nolint:unused
|
||||||
|
require.NoError(
|
||||||
|
t,
|
||||||
|
(&AppleMail{}).Configure(`127.0.0.1`, 1143, 1025, true, false, `user&>>`, `<<abc&&'"def>>`, `user&a`, []byte(`ir8R9vhdNXyB7isWzhyEkQ`)),
|
||||||
|
)
|
||||||
|
}
|
Loading…
Reference in New Issue