fix: sanitize input for dname on signing key

pwa-builder · Oct 8, 2024 · d480e22 · d480e22
1 parent 0b9255a
commit d480e22
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 9 deletions.
diff --git a/apps/pwabuilder/src/script/components/android-form.ts b/apps/pwabuilder/src/script/components/android-form.ts
@@ -8,7 +8,7 @@ import { AppPackageFormBase } from './app-package-form-base';
 import { getManifestContext } from '../services/app-info';
 import { maxSigningKeySizeInBytes } from '../utils/android-validation';
 import { recordPWABuilderProcessStep, AnalyticsBehavior } from '../utils/analytics';
-import { AppNameInputPattern } from '../utils/constants';
+import { AppNameInputPattern, DnameInputPattern } from '../utils/constants';
 
 @customElement('android-form')
 
@@ -786,6 +786,7 @@ export class AndroidForm extends AppPackageFormBase {
             required: true,
             placeholder: 'John Doe',
             value: this.packageOptions.signing.fullName || '',
+            pattern: DnameInputPattern,
             spellcheck: false,
             inputHandler: (val: string) => this.packageOptions.signing.fullName = val
           })}
@@ -800,6 +801,7 @@ export class AndroidForm extends AppPackageFormBase {
             required: true,
             placeholder: 'My Company',
             value: this.packageOptions.signing.organization || '',
+            pattern: DnameInputPattern,
             spellcheck: false,
             inputHandler: (val: string) => this.packageOptions.signing.organization = val
           })}
@@ -814,6 +816,7 @@ export class AndroidForm extends AppPackageFormBase {
             required: true,
             placeholder: 'Engineering Department',
             value: this.packageOptions.signing.organizationalUnit,
+            pattern: DnameInputPattern,
             spellcheck: false,
             inputHandler: (val: string) => this.packageOptions.signing.organizationalUnit = val
           })}
@@ -828,6 +831,7 @@ export class AndroidForm extends AppPackageFormBase {
             required: true,
             placeholder: 'US',
             value: this.packageOptions.signing.countryCode,
+            pattern: DnameInputPattern,
             spellcheck: false,
             minLength: 2,
             maxLength: 2,

diff --git a/apps/pwabuilder/src/script/components/publish-pane.ts b/apps/pwabuilder/src/script/components/publish-pane.ts
@@ -1039,7 +1039,9 @@ export class PublishPane extends LitElement {
       let packagingOptions = platForm!.getPackageOptions();
       this.generate(this.selectedStore.toLowerCase() as Platform, packagingOptions);
     } else {
-      form!.reportValidity();
+      const details = platForm.shadowRoot!.querySelector('sl-details');
+      const expanding = details ? details.show() : Promise.resolve();
+      expanding.then(() => form!.reportValidity()); // it may contain errors collapsed
     }
   }
 

diff --git a/apps/pwabuilder/src/script/services/publish/android-publish.ts b/apps/pwabuilder/src/script/services/publish/android-publish.ts
@@ -1,7 +1,8 @@
 import {
   validateAndroidOptions,
   AndroidPackageOptions,
-  generatePackageId
+  generatePackageId,
+  sanitizeDname
 } from '../../utils/android-validation';
 import { env } from '../../utils/environment';
 import { findSuitableIcon, findBestAppIcon } from '../../utils/icons';
@@ -18,7 +19,7 @@ export async function generateAndroidPackage(androidOptions: AndroidPackageOptio
     );
   }
 
-  let headers = {...getHeaders(), 'content-type': 'application/json' };
+  let headers = { ...getHeaders(), 'content-type': 'application/json' };
 
   const referrer = sessionStorage.getItem('ref');
   const generateAppUrl = `${env.androidPackageGeneratorUrl}/generateAppPackage${referrer ? '?ref=' + encodeURIComponent(referrer) : ''}`;
@@ -56,7 +57,7 @@ export async function generateAndroidPackage(androidOptions: AndroidPackageOptio
       let err = new Error(
         `Error generating Android package.\nStatus code: ${response.status}\nError: ${response.statusText}\nDetails: ${responseText}`
       );
-      Object.defineProperty(response, "stack_trace", {value: responseText});
+      Object.defineProperty(response, "stack_trace", { value: responseText });
       //@ts-ignore
       err.response = response;
       throw err;
@@ -237,8 +238,8 @@ export function createAndroidPackageOptionsFromManifest(manifestContext: Manifes
     signing: {
       file: null,
       alias: 'my-key-alias',
-      fullName: `${manifest.short_name || manifest.name || 'App'} Admin`,
-      organization: manifest.name || 'PWABuilder',
+      fullName: `${sanitizeDname(manifest.short_name) || sanitizeDname(manifest.name) || 'App'} Admin`,
+      organization: sanitizeDname(manifest.name) || 'PWABuilder',
       organizationalUnit: 'Engineering',
       countryCode: 'US',
       keyPassword: '', // If empty, one will be generated by CloudAPK service

diff --git a/apps/pwabuilder/src/script/utils/android-validation.ts b/apps/pwabuilder/src/script/utils/android-validation.ts
@@ -4,7 +4,7 @@ import { PackageOptions, ShareTarget, ShortcutItem } from './interfaces';
  * Settings for the Android APK generation. This is the raw data passed to the CloudApk service.
  * It should match the CloudApk service's AndroidPackageOptions interface: https://github.com/pwa-builder/CloudAPK/blob/master/build/androidPackageOptions.ts
  */
-export interface AndroidPackageOptions  extends PackageOptions {
+export interface AndroidPackageOptions extends PackageOptions {
   appVersion: string;
   appVersionCode: number;
   backgroundColor: string;
@@ -107,6 +107,19 @@ export function generatePackageId(host: string): string {
   return parts.join('.');
 }
 
+// https://github.com/frohoff/jdk8u-jdk/blob/da0da73ab82ed714dc5be94acd2f0d00fbdfe2e9/src/share/classes/sun/security/x509/AVA.java#L95C33-L95C49
+export const dnameInvalidCharacters = '\\,\\=\\+\\<\\>\\#\\;\\\\"';
+
+// Sanitize over escape, otherwise it may conflict with bubblewrap escapes https://github.com/GoogleChromeLabs/bubblewrap/issues/373
+export function sanitizeDname(input: string | undefined): string {
+  if (!input) {
+    return "";
+  }
+
+  const regex = new RegExp(`([${dnameInvalidCharacters}])`, 'g');
+  return input.replace(regex, '');
+}
+
 export function validateAndroidPackageId(packageId?: string | null): AndroidPackageValidationError[] {
   const packageErrors: AndroidPackageValidationError[] = [];
   if (!packageId) {

diff --git a/apps/pwabuilder/src/script/utils/constants.ts b/apps/pwabuilder/src/script/utils/constants.ts
@@ -1 +1,4 @@
-export const AppNameInputPattern = '[^\\|\\$\\@\\#\\>\\<\\)\\(\\!\\&\\%\\*]+$';
+import { dnameInvalidCharacters } from './android-validation';
+
+export const AppNameInputPattern = '[^\\|\\$\\@\\#\\>\\<\\)\\(\\!\\&\\%\\*]+$';
+export const DnameInputPattern = `[^${dnameInvalidCharacters}]+$`;