add input verification for public key import

2025-01-30 22:50:17 -05:00 · 2014-03-10 18:30:06 +01:00 · 2014-03-10 18:30:06 +01:00 · 81001ed193
commit 81001ed193
parent 0cfc66e60d
2 changed files with 46 additions and 10 deletions
--- a/src/js/controller/contacts.js
+++ b/src/js/controller/contacts.js
@ -56,8 +56,24 @@ define(function(require) {
        };

        $scope.importKey = function(publicKeyArmored) {
-            var keyParams = pgp.getKeyParams(publicKeyArmored);
-            var pubkey = {
+            var keyParams, pubkey;
+
+            // verifiy public key string
+            if (publicKeyArmored.indexOf('-----BEGIN PGP PUBLIC KEY BLOCK-----') < 0) {
+                $scope.onError({
+                    errMsg: 'Invalid public key!'
+                });
+                return;
+            }
+
+            try {
+                keyParams = pgp.getKeyParams(publicKeyArmored);
+            } catch (e) {
+                $scope.onError(e);
+                return;
+            }
+
+            pubkey = {
                _id: keyParams._id,
                userId: keyParams.userId,
                publicKey: publicKeyArmored
--- a/test/new-unit/contacts-ctrl-test.js
+++ b/test/new-unit/contacts-ctrl-test.js
@ -91,7 +91,7 @@ define(function(require) {

        describe('importKey', function() {
            it('should work', function(done) {
-                var keyArmored = 'ARMORED PUBLICKEY';
+                var keyArmored = '-----BEGIN PGP PUBLIC KEY BLOCK-----';

                cryptoMock.getKeyParams.returns({
                    _id: '12345',
@ -101,7 +101,7 @@ define(function(require) {
                keychainMock.saveLocalPublicKey.withArgs({
                    _id: '12345',
                    userId: 'max@example.com',
-                    publicKey: 'ARMORED PUBLICKEY'
+                    publicKey: '-----BEGIN PGP PUBLIC KEY BLOCK-----'
                }).yields();

                scope.listKeys = function() {
@ -111,19 +111,39 @@ define(function(require) {
                scope.importKey(keyArmored);
            });

+            it('should fail due to invalid armored key', function(done) {
+                var keyArmored = '-----BEGIN PGP PRIVATE KEY BLOCK-----';
+
+                scope.onError = function(err) {
+                    expect(err).to.exist;
+                    done();
+                };
+
+                scope.importKey(keyArmored);
+            });
+
+            it('should fail due to error in pgp.getKeyParams', function(done) {
+                var keyArmored = '-----BEGIN PGP PUBLIC KEY BLOCK-----';
+
+                cryptoMock.getKeyParams.throws(new Error('WAT'));
+
+                scope.onError = function(err) {
+                    expect(err).to.exist;
+                    done();
+                };
+
+                scope.importKey(keyArmored);
+            });
+
            it('should fail due to error in keychain.saveLocalPublicKey', function(done) {
-                var keyArmored = 'ARMORED PUBLICKEY';
+                var keyArmored = '-----BEGIN PGP PUBLIC KEY BLOCK-----';

                cryptoMock.getKeyParams.returns({
                    _id: '12345',
                    userId: 'max@example.com'
                });

-                keychainMock.saveLocalPublicKey.withArgs({
-                    _id: '12345',
-                    userId: 'max@example.com',
-                    publicKey: 'ARMORED PUBLICKEY'
-                }).yields(42);
+                keychainMock.saveLocalPublicKey.yields(42);

                scope.onError = function(err) {
                    expect(err).to.equal(42);