Webtorrent should check if file is .torrent before downloading

fix brave/brave-browser#11488
diracdeltas · Sep 1, 2020 · 4499597 · 4499597
1 parent 80f1fd2
commit 4499597
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/components/brave_webtorrent/extension/components/torrentViewerHeader.tsx b/components/brave_webtorrent/extension/components/torrentViewerHeader.tsx
@@ -19,6 +19,8 @@ interface Props {
   onStopDownload: (tabId: number) => void
 }
 
+const remoteProtocols = ['http:', 'https:', 'ftp:', 'sftp:', 'ws:', 'wss:']
+
 export default class TorrentViewerHeader extends React.PureComponent<
   Props,
   {}
@@ -29,10 +31,60 @@ export default class TorrentViewerHeader extends React.PureComponent<
       : this.props.onStartTorrent(this.props.torrentId, this.props.tabId)
   }
 
+  removeDownloadListener = () => {
+    chrome.downloads.onDeterminingFilename.removeListener(this.downloadListener)
+  }
+
+  downloadListener = (item: chrome.downloads.DownloadItem) => {
+    if (!item || !item.url || item.referrer !== 'about:client' ||
+        item.url !== this.props.torrentId) {
+      // Only listen for downloads initiated by Webtorrent.
+      this.removeDownloadListener()
+      return
+    }
+    const url = new URL(item.url)
+    if (!url || !remoteProtocols.includes(url.protocol) ||
+        url.hostname === '127.0.0.1') {
+      // Non-remote files are trusted.
+      this.removeDownloadListener()
+      return
+    }
+    if (!item.filename || !item.filename.endsWith('.torrent')) {
+      try {
+        chrome.downloads.cancel(item.id, this.onTorrentDownloadError)
+      } catch (e) {
+        this.removeDownloadListener()
+        console.error(e)
+      }
+    }
+  }
+
+  onTorrentDownloadError = () => {
+    this.removeDownloadListener()
+    const msg = 'Error: file is not a .torrent.'
+    // By default, alert() shows up on every tab that has loaded webtorrent.
+    // We only want it to show on the current tab.
+    chrome.tabs.query({
+      active: true,
+      lastFocusedWindow: true
+    }, (tabs) => {
+      const tab = tabs[0]
+      if (tab && typeof tab.id === 'number') {
+        chrome.tabs.executeScript(tab.id, {
+          code: `alert('${msg}')`
+        })
+        return
+      }
+      alert(msg)
+    })
+  }
+
   onCopyClick = () => {
     if (this.props.torrentId.startsWith('magnet:')) {
       clipboardCopy(this.props.torrentId)
     } else {
+      // Listen for malicious files pretending to be .torrents (#11488)
+      chrome.downloads.onDeterminingFilename.addListener(this.downloadListener)
       let a = document.createElement('a')
       a.download = ''
       a.href = this.props.torrentId