Merge pull request #3191 from jas14/stricter-db-import

Check SQLite3 magic bytes before import
author: H. Lehmann <ByteHamster@users.noreply.github.com> 2019-05-27 12:44:44 +0200
committer: GitHub <noreply@github.com> 2019-05-27 12:44:44 +0200
commit: 46103883ce7af9436dee8acff5e3aa7a247fc79f (patch)
tree: 7c5c9eecc2bce1879d2afeecb49e21a42fd7f8b5 /app
parent: 35770dc2e22b63b8da298b1be377136c933800a7 (diff)
parent: 09e138b51f36deeabaafbc7bf72144d8ca458aaa (diff)
download: AntennaPod-46103883ce7af9436dee8acff5e3aa7a247fc79f.zip
1 files changed, 29 insertions, 1 deletions
diff --git a/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java b/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
index e6c9c37cc..9795c1240 100644
--- a/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
+++ b/app/src/main/java/de/danoeh/antennapod/activity/ImportExportActivity.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.channels.FileChannel;
+import java.util.Arrays;
 
 import de.danoeh.antennapod.R;
 import de.danoeh.antennapod.core.preferences.UserPreferences;
@@ -109,9 +110,14 @@ public class ImportExportActivity extends AppCompatActivity {
     }
 
     private void restoreFrom(Uri inputUri) {
-        File currentDB = getDatabasePath(PodDBAdapter.DATABASE_NAME);
         InputStream inputStream = null;
         try {
+            if (!validateDB(inputUri)) {
+                displayBadFileDialog();
+                return;
+            }
+
+            File currentDB = getDatabasePath(PodDBAdapter.DATABASE_NAME);
             inputStream = getContentResolver().openInputStream(inputUri);
             FileUtils.copyInputStreamToFile(inputStream, currentDB);
             displayImportSuccessDialog();
@@ -123,6 +129,28 @@ public class ImportExportActivity extends AppCompatActivity {
         }
     }
 
+    private static final byte[] SQLITE3_MAGIC = "SQLite format 3\0".getBytes();
+    private boolean validateDB(Uri inputUri) throws IOException {
+        try (InputStream inputStream = getContentResolver().openInputStream(inputUri)) {
+            byte[] magicBuf = new byte[SQLITE3_MAGIC.length];
+            if (inputStream.read(magicBuf) == magicBuf.length) {
+                return Arrays.equals(SQLITE3_MAGIC, magicBuf);
+            }
+        }
+
+        return false;
+    }
+
+    private void displayBadFileDialog() {
+        AlertDialog.Builder d = new AlertDialog.Builder(ImportExportActivity.this);
+        d.setMessage(R.string.import_bad_file)
+                .setCancelable(false)
+                .setPositiveButton(android.R.string.ok, ((dialogInterface, i) -> {
+                    // do nothing
+                }))
+                .show();
+    }
+
     private void displayImportSuccessDialog() {
         AlertDialog.Builder d = new AlertDialog.Builder(ImportExportActivity.this);
         d.setMessage(R.string.import_ok);
author	H. Lehmann <ByteHamster@users.noreply.github.com>	2019-05-27 12:44:44 +0200
committer	GitHub <noreply@github.com>	2019-05-27 12:44:44 +0200
commit	46103883ce7af9436dee8acff5e3aa7a247fc79f (patch)
tree	7c5c9eecc2bce1879d2afeecb49e21a42fd7f8b5 /app
parent	35770dc2e22b63b8da298b1be377136c933800a7 (diff)
parent	09e138b51f36deeabaafbc7bf72144d8ca458aaa (diff)
download	AntennaPod-46103883ce7af9436dee8acff5e3aa7a247fc79f.zip