Enforce android command escaping with flow

Summary: Splits the utility into a public and private part - just for the opaque types to work. The private part validates arguments and does the command running. Both are safe to use, but the non-internal one is easier, you don't have to validate anything. Reviewed By: passy Differential Revision: D15393477 fbshipit-source-id: 92f63180fb94af4337fdf8c7dace5bc5a85d5a54
2019-05-17 09:41:36 -07:00
parent d238a958ec
commit 7823389081
3 changed files with 126 additions and 53 deletions
--- a/src/utils/androidContainerUtility.js
+++ b/src/utils/androidContainerUtility.js
@@ -4,58 +4,37 @@
 * LICENSE file in the root directory of this source tree.
 * @format
 */
-import {getAdbClient} from './adbClient';
-const adbkit = require('adbkit-fb');
-
-const logTag = 'androidContainerUtility';
-const appNotDebuggableRegex = /debuggable/;
-const allowedAppNameRegex = /^[a-zA-Z0-9._\-]+$/;
-const operationNotPermittedRegex = /not permitted/;
-
-const adb = getAdbClient();
-
-export function executeCommandAsApp(
-  deviceId: string,
-  app: string,
-  command: string,
-): Promise<string> {
-  if (!app.match(allowedAppNameRegex)) {
-    return Promise.reject(new Error(`Disallowed run-as user: ${app}`));
-  }
-  if (command.match(/[']/)) {
-    return Promise.reject(new Error(`Disallowed escaping command: ${command}`));
-  }
-  return adb
-    .then(client =>
-      client.shell(deviceId, `echo '${command}' | run-as '${app}'`),
-    )
-    .then(adbkit.util.readAll)
-    .then(buffer => buffer.toString())
-    .then(output => {
-      if (output.match(appNotDebuggableRegex)) {
-        throw new Error(
-          `Android app ${app} is not debuggable. To use it with Flipper, add android:debuggable="true" to the application section of AndroidManifest.xml`,
-        );
-      }
-      if (output.toLowerCase().match(operationNotPermittedRegex)) {
-        throw new Error(
-          `Your android device (${deviceId}) does not support the adb shell run-as command. We're tracking this at https://github.com/facebook/flipper/issues/92`,
-        );
-      }
-      return output;
-    });
-}
+import {
+  validateAppName,
+  validateFilePath,
+  validateFileContent,
+  _push,
+  _pull,
+} from './androidContainerUtilityInternal';

 export function push(
  deviceId: string,
  app: string,
-  filename: string,
+  filepath: string,
  contents: string,
 ): Promise<void> {
-  console.debug(`Deploying ${filename} to ${deviceId}:${app}`, logTag);
-  return executeCommandAsApp(
-    deviceId,
-    app,
-    `echo "${contents}" > ${filename} && chmod 600 ${filename}`,
-  ).then(output => undefined);
+  return validateAppName(app).then(validApp =>
+    validateFilePath(filepath).then(validFilepath =>
+      validateFileContent(contents).then(validContent =>
+        _push(deviceId, validApp, validFilepath, validContent),
+      ),
+    ),
+  );
+}
+
+export function pull(
+  deviceId: string,
+  app: string,
+  path: string,
+): Promise<string> {
+  return validateAppName(app).then(validApp =>
+    validateFilePath(path).then(validPath =>
+      _pull(deviceId, validApp, validPath),
+    ),
+  );
 }