From 4eb124a62d76b53c71d5eac782601ea81af284d4 Mon Sep 17 00:00:00 2001 From: dburbrid Date: Wed, 3 Apr 2024 14:40:44 +0100 Subject: [PATCH 1/2] Swapped obsolete and vulnerable ini4j library for Apache Commons commons-configuration2 library. --- pom.xml | 5 +- .../firefox/FirefoxProxySearchStrategy.java | 3 +- .../browser/firefox/FirefoxSettingParser.java | 96 +++++++++++-------- 3 files changed, 62 insertions(+), 42 deletions(-) diff --git a/pom.xml b/pom.xml index 3bec927..d8938e3 100644 --- a/pom.xml +++ b/pom.xml @@ -64,8 +64,9 @@ jna-platform - org.ini4j - ini4j + org.apache.commons + commons-configuration2 + 2.10.1 org.mozilla diff --git a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java index 8d271cc..7cef590 100644 --- a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java +++ b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java @@ -18,6 +18,7 @@ import com.github.markusbernhardt.proxy.util.PlatformUtil.Platform; import com.github.markusbernhardt.proxy.util.ProxyException; import com.github.markusbernhardt.proxy.util.ProxyUtil; +import org.apache.commons.configuration2.ex.ConfigurationException; /***************************************************************************** * Loads the Firefox3 proxy settings from the users Firefox3 settings. This will @@ -170,7 +171,7 @@ public Properties readSettings() throws ProxyException { try { Properties settings = settingsParser.parseSettings(profileScanner); return settings; - } catch (IOException e) { + } catch (IOException | ConfigurationException e) { throw new ProxyException("No Firefox installation found"); } } diff --git a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java index 144f2e1..5312ade 100644 --- a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java +++ b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java @@ -10,11 +10,12 @@ import java.util.Properties; import java.util.stream.Collectors; -import org.ini4j.Ini; -import org.ini4j.Profile.Section; +import org.apache.commons.configuration2.*; +import org.apache.commons.configuration2.ex.ConfigurationException; import com.github.markusbernhardt.proxy.util.Logger; import com.github.markusbernhardt.proxy.util.Logger.LogLevel; +import java.io.*; /***************************************************************************** * Parser for the Firefox settings file. Will extract all relevant proxy settings form the configuration file. @@ -43,7 +44,7 @@ public FirefoxSettingParser() { * on read error. ************************************************************************/ - public Properties parseSettings(FirefoxProfileSource source) throws IOException { + public Properties parseSettings(FirefoxProfileSource source) throws IOException, ConfigurationException { File settingsFile = getSettingsFile(source); Properties result = new Properties(); @@ -94,47 +95,64 @@ private String removeDoubleQuotes(String string) { * @throws IOException * on read error. */ - protected File getSettingsFile(FirefoxProfileSource source) throws IOException { + protected File getSettingsFile(FirefoxProfileSource source) throws IOException, ConfigurationException { // Read profiles.ini File profilesIniFile = source.getProfilesIni(); if (profilesIniFile.exists()) { - Ini profilesIni = new Ini(profilesIniFile); - - final List keysFF67 = - profilesIni.keySet().stream().filter(s -> s.startsWith("Install")).collect(Collectors.toList()); - if (!keysFF67.isEmpty()) { - Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings for FF67+ detected."); - - for (String keyFF67 : keysFF67) { - - Logger.log(getClass(), LogLevel.DEBUG, "Current FF67+ section key is: {}", keysFF67); - Section section = profilesIni.get(keyFF67); - - if ("1".equals(section.get("Locked"))) { - File profileFolder = - new File(profilesIniFile.getParentFile().getAbsolutePath(), section.get("Default")); - Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); - - File settingsFile = new File(profileFolder, "prefs.js"); - return settingsFile; + INIConfiguration profilesIni = new INIConfiguration(); + try (FileReader fileReader = new FileReader(profilesIniFile)) { + profilesIni.read(fileReader); + + final List keysFF67 = + profilesIni.getSections().stream().filter(s -> s.startsWith("Install")).collect(Collectors.toList()); + if (!keysFF67.isEmpty()) { + Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings for FF67+ detected."); + + for (String keyFF67 : keysFF67) { + + Logger.log(getClass(), LogLevel.DEBUG, "Current FF67+ section key is: {}", keysFF67); + SubnodeConfiguration section = profilesIni.getSection(keyFF67); + + Object propLocked = section.getProperty("Locked"); + if ((propLocked!=null)&&("1".equals(propLocked.toString()))) { + Object propDefault = section.getProperty("Default"); + if (propDefault!=null) { + File profileFolder = + new File(profilesIniFile.getParentFile().getAbsolutePath(), propDefault.toString()); + Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); + + File settingsFile = new File(profileFolder, "prefs.js"); + return settingsFile; + } + } } } - } - else { - for (Entry entry : profilesIni.entrySet()) { - - Logger - .log(getClass(), LogLevel.TRACE, "Current entry, key: {}, value: {}", entry.getKey(), - entry.getValue()); - - if ("default".equals(entry.getValue().get("Name")) - && "1".equals(entry.getValue().get("IsRelative"))) { - File profileFolder = - new File(profilesIniFile.getParentFile().getAbsolutePath(), entry.getValue().get("Path")); - Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); - - File settingsFile = new File(profileFolder, "prefs.js"); - return settingsFile; + else { //FIXME - does this mean we have no sections in pre FF67 ini files? or just no sections starting "Install"? + for (String section : profilesIni.getSections()) { + SubnodeConfiguration confSection = profilesIni.getSection(section); + + if (confSection!=null) { + Logger + .log(getClass(), LogLevel.TRACE, "Current entry, key: {}, value: {}", section, + confSection.toString()); + + Object propName = confSection.getProperty("Name"); + Object propRelative = confSection.getProperty("IsRelative"); + if ((propName!=null)&&(propRelative!=null)) { + if ("default".equals(propName.toString()) + && "1".equals(propRelative.toString())) { + Object propPath = confSection.getProperty("Path"); + if (propPath!=null) { + File profileFolder = + new File(profilesIniFile.getParentFile().getAbsolutePath(), propPath.toString()); + Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); + + File settingsFile = new File(profileFolder, "prefs.js"); + return settingsFile; + } + } + } + } } } } From 1a43b70d0d0db966e3a3f3bb8b024115c252271a Mon Sep 17 00:00:00 2001 From: Andreas Kuhtz Date: Thu, 4 Apr 2024 08:01:52 +0200 Subject: [PATCH 2/2] Cleanup imports and remove FIXME --- .../browser/firefox/FirefoxSettingParser.java | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java index 5312ade..74f9d6c 100644 --- a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java +++ b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java @@ -3,19 +3,19 @@ import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; +import java.io.FileReader; import java.io.IOException; import java.io.InputStreamReader; import java.util.List; -import java.util.Map.Entry; import java.util.Properties; import java.util.stream.Collectors; -import org.apache.commons.configuration2.*; +import org.apache.commons.configuration2.INIConfiguration; +import org.apache.commons.configuration2.SubnodeConfiguration; import org.apache.commons.configuration2.ex.ConfigurationException; import com.github.markusbernhardt.proxy.util.Logger; import com.github.markusbernhardt.proxy.util.Logger.LogLevel; -import java.io.*; /***************************************************************************** * Parser for the Firefox settings file. Will extract all relevant proxy settings form the configuration file. @@ -99,7 +99,8 @@ protected File getSettingsFile(FirefoxProfileSource source) throws IOException, // Read profiles.ini File profilesIniFile = source.getProfilesIni(); if (profilesIniFile.exists()) { - INIConfiguration profilesIni = new INIConfiguration(); + final INIConfiguration profilesIni = new INIConfiguration(); + try (FileReader fileReader = new FileReader(profilesIniFile)) { profilesIni.read(fileReader); @@ -114,9 +115,9 @@ protected File getSettingsFile(FirefoxProfileSource source) throws IOException, SubnodeConfiguration section = profilesIni.getSection(keyFF67); Object propLocked = section.getProperty("Locked"); - if ((propLocked!=null)&&("1".equals(propLocked.toString()))) { + if (propLocked != null && "1".equals(propLocked.toString())) { Object propDefault = section.getProperty("Default"); - if (propDefault!=null) { + if (propDefault != null) { File profileFolder = new File(profilesIniFile.getParentFile().getAbsolutePath(), propDefault.toString()); Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); @@ -127,22 +128,22 @@ protected File getSettingsFile(FirefoxProfileSource source) throws IOException, } } } - else { //FIXME - does this mean we have no sections in pre FF67 ini files? or just no sections starting "Install"? + else { // no sections starting "Install" found, older version than FF67+ detected for (String section : profilesIni.getSections()) { SubnodeConfiguration confSection = profilesIni.getSection(section); - if (confSection!=null) { + if (confSection != null) { Logger .log(getClass(), LogLevel.TRACE, "Current entry, key: {}, value: {}", section, confSection.toString()); Object propName = confSection.getProperty("Name"); Object propRelative = confSection.getProperty("IsRelative"); - if ((propName!=null)&&(propRelative!=null)) { + if (propName != null && propRelative != null) { if ("default".equals(propName.toString()) && "1".equals(propRelative.toString())) { Object propPath = confSection.getProperty("Path"); - if (propPath!=null) { + if (propPath != null) { File profileFolder = new File(profilesIniFile.getParentFile().getAbsolutePath(), propPath.toString()); Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder);