Only allowing .local & .home.arpa hosts for HTTP WebDav connections.

Upping versionCode to 99
zotero · Sep 6, 2024 · e6bed1c · e6bed1c
1 parent 91214e7
commit e6bed1c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/app/src/main/java/org/zotero/android/screens/settings/account/SettingsAccountViewModel.kt b/app/src/main/java/org/zotero/android/screens/settings/account/SettingsAccountViewModel.kt
@@ -69,8 +69,6 @@ internal class SettingsAccountViewModel @Inject constructor(
 
     private var coroutineScope = CoroutineScope(dispatchers.io)
 
-    private val localNetworkRegex = "^(?:127\\.|0?10\\.|172\\.0?1[6-9]\\.|172\\.0?2[0-9]\\.|172\\.0?3[01]\\.|192\\.168\\.|169\\.254\\.|::1|[fF][cCdD][0-9a-fA-F]{2}:|[fF][eE][89aAbB][0-9a-fA-F]:)".toRegex()
-
     @Subscribe(threadMode = ThreadMode.MAIN)
     fun onEvent(singlePickerResult: SinglePickerResult) {
         if (singlePickerResult.callPoint == SinglePickerResult.CallPoint.SettingsWebDav) {
@@ -350,10 +348,7 @@ internal class SettingsAccountViewModel @Inject constructor(
     }
 
     private fun verify(tryCreatingZoteroDir: Boolean) {
-        if (viewState.scheme == WebDavScheme.http && localNetworkRegex.containsMatchIn(
-                sessionStorage.url
-            )
-        ) {
+        if (viewState.scheme == WebDavScheme.http && !isAllowedHttpHost()) {
             updateState {
                 copy(
                     webDavVerificationResult = CustomResult.GeneralError.CodeError(WebDavError.Verification.localHttpWebdavHostNotAllowed),
@@ -401,6 +396,20 @@ internal class SettingsAccountViewModel @Inject constructor(
 
     }
 
+    private fun isAllowedHttpHost(): Boolean {
+        try {
+            val hostComponentsWithPort = sessionStorage.url.split(":")
+            val hostComponentsWithSlashes = hostComponentsWithPort.firstOrNull()?.split("/")
+            val host = hostComponentsWithSlashes?.firstOrNull()
+            if (host != null && (host.endsWith("local") || host.endsWith("home.arpa"))) {
+                return true
+            }
+        } catch (e: Exception) {
+            //no-op
+        }
+        return false
+    }
+
     private fun handleVerification(error: CustomResult.GeneralError) {
         viewModelScope.launch {
             val zoteroDirNotFoundError =

diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -33,5 +33,5 @@
     <string name="pdf_reader_slider_thumbnails">Thumbnails</string>
     <string name="pdf_reader_slider_annotations">Annotations</string>
     <string name="pdf_reader_slider_outline">Outline</string>
-    <string name="local_http_webdav_host_not_allowed">Due to Android restrictions, HTTP can only be used when connecting to a .local hostname.</string>
+    <string name="local_http_webdav_host_not_allowed">Due to Android restrictions, HTTP can only be used when connecting to a .local and .home.arpa hostnames.</string>
 </resources>
diff --git a/buildSrc/src/main/kotlin/BuildConfig.kt b/buildSrc/src/main/kotlin/BuildConfig.kt
@@ -4,7 +4,7 @@ object BuildConfig {
     const val compileSdkVersion = 34
     const val targetSdk = 34
 
-    val versionCode = 98 // Must be updated on every build
+    val versionCode = 99 // Must be updated on every build
     val version = Version(
         major = 1,
         minor = 0,