keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
unstable
feature/update-crowdin-translations
master
audit2
show
audit
v1.9.1
v1.9.0
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.11
v1.6.10
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.11
v1.4.10
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.2
v1.13.1
v1.13.0
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.11.5
v1.11.4
v1.11.3
v1.11.2
v1.11.1
v1.11.0
v1.10.8
v1.10.7
v1.10.6
v1.10.5
v1.10.4
v1.10.3
v1.10.2
v1.10.1
v1.10.0
v1.1.2
v1.1.1
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a1ac810343'
${ noResults }
session-desktop/js/views
History
Daniel Gasienica a1ac810343 Security: Replace Unicode order overrides in attachment names 
As a user, when I receive a file attachment, I want to have confidence that the
filename I see in the Signal Desktop app is the same as it will be on disk.

To prevent user confusion when receiving files with Unicode order override
characters, e.g. `test<LTRO>fig.exe` appearing as `testexe.gif`, we replace all
occurrences of order overrides (`U+202D` and `U+202E`) with `U+FFFD`.

**Changes**
- [x] Bump `Attachment` `schemaVersion` to 2.
- [x] Replace all Unicode order overrides in `attachment.filename`:
      `Attachment.replaceUnicodeOrderOverrides`.
- [x] Add tests for existing `Attachment.upgradeSchema`
- [x] Add tests for existing `Attachment.withSchemaVersion`
- [x] Add tests for `Attachment.replaceUnicodeOrderOverrides` positives.
- [x] Add `testcheck` generative property-based testing library
      (based on QuickCheck) to ensure valid filenames are preserved.

---

commit 855bdbc7e647e44f73b9e1f5e6d64f734c61169a
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 13:02:01 2018 -0500

    Log error stack in case of error

commit 6e053ed66aee136f186568fa88aacd4814b2ab07
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:30:28 2018 -0500

    Improve `upgradeStep` error handling

commit 8c226a2523b701cb578b2137832c3eaf3475bb2b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:30:08 2018 -0500

    Check for expected version before upgrade

    Prevents out of order upgrade steps.

commit 28b0675591e782169128f75429b7bab2a22307fa
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:29:52 2018 -0500

    Reject invalid attachments

commit 41f4f457dae9416dae66dc2fa2079483d1f127a9
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:29:36 2018 -0500

    Fix upgrade pipeline order

commit 3935629e91c49b8d96c1e02bd37b1b31d1180720
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:28:25 2018 -0500

    Avoid `_.isPlainObject`

    Attachments are deserialized from a protocol buffer and can have a
    non-plain-object constructor.

commit 39f6e7f622ff4885e2ccafa354e0edb5864c55d8
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:19:07 2018 -0500

    Define basic attachment validity

commit adcf7e3243cd90866cc35990c558ff7829019037
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Thu Feb 22 12:18:54 2018 -0500

    Add tests for attachment upgrade pipeline

commit 82fc4644d7e654eea9f348518b086497be2b0cb4
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 21 12:20:24 2018 -0500

    Favor `async` / `await` over `then`

commit 8fe49e3c40e78ced0b8f2eb0b678f4bae842855d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 21 12:19:59 2018 -0500

    Add `eslint-more` plugin

    This will enable us to disallow `then` in favor of `async` / `await`.

commit 020beefb25f508ae96cf3fc099599fbbca98802b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 21 11:31:49 2018 -0500

    Remove unnecessary `async` modifiers

commit 177090c5f5ad9836f0ca0a5c2f298779519e3692
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 21 11:30:55 2018 -0500

    Document `operator-linebreak` ESLint rule

commit 25622b7c59291cb672ae057c47e7327a564cca40
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Wed Feb 21 11:14:15 2018 -0500

    Prefix internal function with `_`

commit 6aa3cf5098df71e9b710064739ec49d74f81b7bf
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 19:00:07 2018 -0500

    Replace all Unicode order override occurrences

commit fd6e23b0a519bce3c12c5b9ac676bcd198034fed
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:48:41 2018 -0500

    Whitelist `testcheck` `check` and `gen` globals

commit 400bae9fac5078821813bc0ca17a5d7a72900161
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:46:57 2018 -0500

    🎨 Fix lint errors

commit da53d3960aa7aa36b7cc1fcff414c9e929c0d9fc
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:42:42 2018 -0500

    Add tests for `Attachment.withSchemaVersion`

commit ec203444239d9e3c443ba88cab7ef4672151072d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:42:17 2018 -0500

    Add test for `Attachment.upgradeSchema`

commit 4540d5bdf7a4279f49d2e4c6ee03f47b93df46bf
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:05:29 2018 -0500

    Rename `setSchemaVersion` --> `withSchemaVersion`

    Put the schema version first for better readability.

commit e379cf919feda31d1fa96d406c30fd38e159a11d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:03:22 2018 -0500

    Add filename sanitization to upgrade pipeline

commit 1e344a0d15926fc3e17be20cd90bfa882b65f337
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:01:55 2018 -0500

    Test that we preserve non-suspicious filenames

commit a2452bfc98f93f82bed48b438757af2e66a6af82
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 17:00:56 2018 -0500

    Add `testcheck` dependency

    Allows for generative property-based testing similar to Haskell’s QuickCheck.
    See: https://medium.com/javascript-inside/f91432247c27

commit ceb5bfd2484a77689fdb8e9edd18d4a7b093a486
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 16:15:33 2018 -0500

    Replace Unicode order override characters

    Prevents users from being tricked into clicking a file named `testexe.fig`
    that appears as `testexe.gif` due to a Unicode order override character.

    See:
    - http://unicode.org/reports/tr36/#Bidirectional_Text_Spoofing
    - https://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/

commit bc605afb1c6af3a5ebc31a4c1523ff170eb96ffe
Author: Daniel Gasienica <daniel@gasienica.ch>
Date:   Fri Feb 16 16:12:29 2018 -0500

    Remove `CURRENT_PROCESS_VERSION`

    Reintroduce this whenever we need it. We currently only deal with schema version
    numbers within this module.
 		7 years ago
..
app_view.js Add setting to hide menu bar (#1551) 8 years ago
attachment_preview_view.js Normalize views' template fetching pattern 9 years ago
attachment_view.js Auto-orient image attachments based on EXIF metadata 7 years ago
banner_view.js Confirmaton on send, banner when 'unverified' 8 years ago
confirmation_dialog_view.js ConfirmationDialogView: Make showCancel an explicit option 8 years ago
contact_list_view.js Feature: Blue check marks for read messages if opted in (#1489) 8 years ago
conversation_list_item_view.js Profiles (#1453) 8 years ago
conversation_list_view.js Left pane: small sorting fix, logging for error cases (#1969) 7 years ago
conversation_search_view.js Fetch conversations once, clean up ConversationController API (#1420) 8 years ago
conversation_view.js Remove expired message if it expired during database fetch (#1983) 7 years ago
debug_log_view.js Load debug log dialog immediately, then populate log data (#1540) 8 years ago
error_view.js Remove all concept of 'key conflict' from the app 8 years ago
file_input_view.js Security: Replace Unicode order overrides in attachment names 7 years ago
group_member_list_view.js Show call to action on group member list when verifying 8 years ago
group_update_view.js Remove erroneous license file and headers 10 years ago
hint_view.js Add hint for users with no groups or contacts 9 years ago
identicon_svg_view.js Fix svg icon colors 9 years ago
identity_key_send_error_view.js Eliminate $name$ in two places (#1520) 8 years ago
import_view.js Be resilient to thrown non-errors in import process (#1737) 8 years ago
inbox_view.js Remove conversation from left pane on 'delete messages' (#1807) 7 years ago
install_choice_view.js Import: choice on first startup, workflow, ported to Node.js fs API 8 years ago
install_view.js Big update to new signal branding (#2018) 7 years ago
key_verification_view.js Eliminate $name$ in two places (#1520) 8 years ago
last_seen_indicator_view.js Preserve lastSeenIndicator location when not focused 8 years ago
list_view.js Object.assign -> _.extend(), for to make Chrome 45 and below work 8 years ago
message_detail_view.js Feature: Blue check marks for read messages if opted in (#1489) 8 years ago
message_list_view.js Scroll to bottom when adding a new message (#1450) 8 years ago
message_view.js Process expireTimer and block status along with contact/group sync (#1980) 7 years ago
network_status_view.js More refactoring to reduce global event dependencies 8 years ago
new_group_update_view.js Remove comments after NewGroupUpdateView investigation 8 years ago
phone-input-view.js Get standalone registration working in development 8 years ago
recipients_input_view.js Simplify event arguments 10 years ago
recorder_view.js Preserve disabled state in the middle of sending message (#1937) 7 years ago
scroll_down_button_view.js Scroll down button: when scrolled up, or new non-visible message 8 years ago
settings_view.js Add setting to hide menu bar (#1551) 8 years ago
standalone_registration_view.js Import: choice on first startup, workflow, ported to Node.js fs API 8 years ago
timestamp_view.js Fixed bubble timestamp update timer breakdown 9 years ago
toast_view.js Generalize toast view template 9 years ago
whisper_view.js Full export, migration banner, and full migration workflow - behind flag (#1342) 8 years ago