content-hub

Merge lp://staging/~ken-vandine/content-hub/url-dispatcher into lp://staging/content-hub

  1. url-dispatcher
  2. Merge into trunk
Proposed by Ken VanDine
Status: Merged
Approved by: Michael Sheldon
Approved revision: 209
Merged at revision: 209
Proposed branch: lp://staging/~ken-vandine/content-hub/url-dispatcher
Merge into: lp://staging/content-hub
Diff against target: 401 lines (+343/-0)
9 files modified
CMakeLists.txt (+1/-0)
debian/content-hub.install (+3/-0)
tools/CMakeLists.txt (+17/-0)
tools/send/CMakeLists.txt (+59/-0)
tools/send/autoexporter.cpp (+79/-0)
tools/send/autoexporter.h (+50/-0)
tools/send/content-hub-send.desktop (+9/-0)
tools/send/content-hub-send.url-dispatcher (+5/-0)
tools/send/exporter.cpp (+120/-0)
To merge this branch: bzr merge lp://staging/~ken-vandine/content-hub/url-dispatcher
Reviewer Review Type Date Requested Status
Michael Sheldon (community) Approve
PS Jenkins bot continuous-integration Approve
Review via email: mp+259039@code.staging.launchpad.net

Commit message

Added url-dispatcher integration. This allows export and share requests to be initiated by opening a url.

Description of the change

Added url-dispatcher integration. This allows export and share requests to be initiated by opening a url. For example, to create a share request to facebook you could open a url like:

"content:?pkg=com.ubuntu.developer.webapps.webapp-facebook&app=webapp-facebook&handler=share&url=http://www.ubuntu.com"

Parameters:
 * pkg - click package name (required)
 * app - click app name, ubuntu-app-launch will attempt to guess if not provided
 * ver - version of the click package, defaults to "current-user-version"
 * handler - export or share, defaults to defaults to "export"

A simple way to test this would be to run this from a shell:

url-dispatcher "content:?pkg=messaging-app&handler=share&url=http://www.ubuntu.com"

This will open the messaging-app and insert the link

File transfers are prohibited, for security reasons. So this only works for remote links and text shares.

To post a comment you must log in.
lp://staging/~ken-vandine/content-hub/url-dispatcher updated
205. By Ken VanDine

tidy up a bit

206. By Ken VanDine

merged trunk

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:206
http://jenkins.qa.ubuntu.com/job/content-hub-ci/254/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-amd64-ci/50
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/50
        deb: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/50/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-i386-ci/50

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/content-hub-ci/254/rebuild

review: Approve (continuous-integration)
lp://staging/~ken-vandine/content-hub/url-dispatcher updated
207. By Ken VanDine

Cleaned up appId creation and all text to be set

208. By Ken VanDine

white space cleanup

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:208
http://jenkins.qa.ubuntu.com/job/content-hub-ci/256/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-amd64-ci/52
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/52
        deb: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/52/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-i386-ci/52

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/content-hub-ci/256/rebuild

review: Approve (continuous-integration)
Revision history for this message
Ken VanDine (ken-vandine) wrote :

Are there any related MPs required for this MP to build/function as expected? Please list.

 * No

Is your branch in sync with latest trunk (e.g. bzr pull lp:trunk -> no changes)

 * Yes

Did you perform an exploratory manual test run of your code change and any related functionality on device or emulator?

 * Yes

Did you successfully run all tests found in your component's Test Plan (https://wiki.ubuntu.com/Process/Merges/TestPlan/content-hub) on device or emulator?

 * Yes, plus I ran the url-dispatcher test in the description. I'll add that to the test plan after this lands

If you changed the UI, was the change specified/approved by design?

 * No change

If you changed UI labels, did you update the pot file?

 * No change

If you changed the packaging (debian), did you add a core-dev as a reviewer to this MP?

 * There are packaging changes, I'm a core-dev

Revision history for this message
Michael Sheldon (michael-sheldon) wrote :

This doesn't appear to obey apparmor profiles, so as it stands this could potentially give unrestricted access to all files owned by the phablet user.

For example, creating a simple QML app that calls:

Qt.openUrlExternally("content:?pkg=com.ubuntu.developer.ken-vandine.hub-importer&url=file:///home/phablet/.ssh/known_hosts");

Will result in a user's SSH known_hosts file being sent to the hub-importer app (but potentially an app could be using this to send files directly back to itself and it could be grabbing much more important files if they exist, like ~/.ssh/id_rsa).

Unfortunately I don't think applying the apparmor profile of the app which called url-dispatcher will be enough either, as a malicious developer could create a website like http://mikeasoft.com/~mike/urlhack.php which does a header redirect to "content:?pkg=com.ubuntu.developer.ken-vandine.hub-importer&url=file:///home/phablet/.ssh/known_hosts". They would then call Qt.openUrlExternally("http://mikeasoft.com/~mike/urlhack.php") in their app, which would launch the webbrowser. The urlhack page would then cause the webbrowser to issue the request to the url-dispatcher instead of the originating app, and since the webbrowser is unconfined this would again provide a mechanism for accessing all of a user's files from a confined app.

review: Needs Fixing
lp://staging/~ken-vandine/content-hub/url-dispatcher updated
209. By Ken VanDine

Don't support file transfers via url-dispatcher

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:209
http://jenkins.qa.ubuntu.com/job/content-hub-ci/257/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-amd64-ci/53
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/53
        deb: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-armhf-ci/53/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/content-hub-vivid-i386-ci/53

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/content-hub-ci/257/rebuild

review: Approve (continuous-integration)
Revision history for this message
Michael Sheldon (michael-sheldon) wrote :

Did you perform an exploratory manual test run of the code change and any related functionality on device or emulator?

 * Yes

Did CI run pass? If not, please explain why.

 * Yes

Have you checked that submitter has accurately filled out the submitter checklist and has taken no shortcut?

 * Yes

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches