From 4eb124a62d76b53c71d5eac782601ea81af284d4 Mon Sep 17 00:00:00 2001 From: dburbrid Date: Wed, 3 Apr 2024 14:40:44 +0100 Subject: [PATCH] Swapped obsolete and vulnerable ini4j library for Apache Commons commons-configuration2 library. --- pom.xml | 5 +- .../firefox/FirefoxProxySearchStrategy.java | 3 +- .../browser/firefox/FirefoxSettingParser.java | 96 +++++++++++-------- 3 files changed, 62 insertions(+), 42 deletions(-) diff --git a/pom.xml b/pom.xml index 3bec927..d8938e3 100644 --- a/pom.xml +++ b/pom.xml @@ -64,8 +64,9 @@ jna-platform - org.ini4j - ini4j + org.apache.commons + commons-configuration2 + 2.10.1 org.mozilla diff --git a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java index 8d271cc..7cef590 100644 --- a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java +++ b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxProxySearchStrategy.java @@ -18,6 +18,7 @@ import com.github.markusbernhardt.proxy.util.PlatformUtil.Platform; import com.github.markusbernhardt.proxy.util.ProxyException; import com.github.markusbernhardt.proxy.util.ProxyUtil; +import org.apache.commons.configuration2.ex.ConfigurationException; /***************************************************************************** * Loads the Firefox3 proxy settings from the users Firefox3 settings. This will @@ -170,7 +171,7 @@ public Properties readSettings() throws ProxyException { try { Properties settings = settingsParser.parseSettings(profileScanner); return settings; - } catch (IOException e) { + } catch (IOException | ConfigurationException e) { throw new ProxyException("No Firefox installation found"); } } diff --git a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java index 144f2e1..5312ade 100644 --- a/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java +++ b/src/main/java/com/github/markusbernhardt/proxy/search/browser/firefox/FirefoxSettingParser.java @@ -10,11 +10,12 @@ import java.util.Properties; import java.util.stream.Collectors; -import org.ini4j.Ini; -import org.ini4j.Profile.Section; +import org.apache.commons.configuration2.*; +import org.apache.commons.configuration2.ex.ConfigurationException; import com.github.markusbernhardt.proxy.util.Logger; import com.github.markusbernhardt.proxy.util.Logger.LogLevel; +import java.io.*; /***************************************************************************** * Parser for the Firefox settings file. Will extract all relevant proxy settings form the configuration file. @@ -43,7 +44,7 @@ public FirefoxSettingParser() { * on read error. ************************************************************************/ - public Properties parseSettings(FirefoxProfileSource source) throws IOException { + public Properties parseSettings(FirefoxProfileSource source) throws IOException, ConfigurationException { File settingsFile = getSettingsFile(source); Properties result = new Properties(); @@ -94,47 +95,64 @@ private String removeDoubleQuotes(String string) { * @throws IOException * on read error. */ - protected File getSettingsFile(FirefoxProfileSource source) throws IOException { + protected File getSettingsFile(FirefoxProfileSource source) throws IOException, ConfigurationException { // Read profiles.ini File profilesIniFile = source.getProfilesIni(); if (profilesIniFile.exists()) { - Ini profilesIni = new Ini(profilesIniFile); - - final List keysFF67 = - profilesIni.keySet().stream().filter(s -> s.startsWith("Install")).collect(Collectors.toList()); - if (!keysFF67.isEmpty()) { - Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings for FF67+ detected."); - - for (String keyFF67 : keysFF67) { - - Logger.log(getClass(), LogLevel.DEBUG, "Current FF67+ section key is: {}", keysFF67); - Section section = profilesIni.get(keyFF67); - - if ("1".equals(section.get("Locked"))) { - File profileFolder = - new File(profilesIniFile.getParentFile().getAbsolutePath(), section.get("Default")); - Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); - - File settingsFile = new File(profileFolder, "prefs.js"); - return settingsFile; + INIConfiguration profilesIni = new INIConfiguration(); + try (FileReader fileReader = new FileReader(profilesIniFile)) { + profilesIni.read(fileReader); + + final List keysFF67 = + profilesIni.getSections().stream().filter(s -> s.startsWith("Install")).collect(Collectors.toList()); + if (!keysFF67.isEmpty()) { + Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings for FF67+ detected."); + + for (String keyFF67 : keysFF67) { + + Logger.log(getClass(), LogLevel.DEBUG, "Current FF67+ section key is: {}", keysFF67); + SubnodeConfiguration section = profilesIni.getSection(keyFF67); + + Object propLocked = section.getProperty("Locked"); + if ((propLocked!=null)&&("1".equals(propLocked.toString()))) { + Object propDefault = section.getProperty("Default"); + if (propDefault!=null) { + File profileFolder = + new File(profilesIniFile.getParentFile().getAbsolutePath(), propDefault.toString()); + Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); + + File settingsFile = new File(profileFolder, "prefs.js"); + return settingsFile; + } + } } } - } - else { - for (Entry entry : profilesIni.entrySet()) { - - Logger - .log(getClass(), LogLevel.TRACE, "Current entry, key: {}, value: {}", entry.getKey(), - entry.getValue()); - - if ("default".equals(entry.getValue().get("Name")) - && "1".equals(entry.getValue().get("IsRelative"))) { - File profileFolder = - new File(profilesIniFile.getParentFile().getAbsolutePath(), entry.getValue().get("Path")); - Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); - - File settingsFile = new File(profileFolder, "prefs.js"); - return settingsFile; + else { //FIXME - does this mean we have no sections in pre FF67 ini files? or just no sections starting "Install"? + for (String section : profilesIni.getSections()) { + SubnodeConfiguration confSection = profilesIni.getSection(section); + + if (confSection!=null) { + Logger + .log(getClass(), LogLevel.TRACE, "Current entry, key: {}, value: {}", section, + confSection.toString()); + + Object propName = confSection.getProperty("Name"); + Object propRelative = confSection.getProperty("IsRelative"); + if ((propName!=null)&&(propRelative!=null)) { + if ("default".equals(propName.toString()) + && "1".equals(propRelative.toString())) { + Object propPath = confSection.getProperty("Path"); + if (propPath!=null) { + File profileFolder = + new File(profilesIniFile.getParentFile().getAbsolutePath(), propPath.toString()); + Logger.log(getClass(), LogLevel.DEBUG, "Firefox settings folder is {}", profileFolder); + + File settingsFile = new File(profileFolder, "prefs.js"); + return settingsFile; + } + } + } + } } } }