Bugfix: URL parsing for two factor authorization check

If the URL field contains local filenames or network shares, error messages could be thrown. Closes #78
Rookiestyle · Nov 14, 2021 · 8ae074a · 8ae074a
1 parent eeb786c
commit 8ae074a
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 10 deletions.
diff --git a/src/DAO/TFASites.cs b/src/DAO/TFASites.cs
@@ -8,6 +8,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.RegularExpressions;
 using System.Windows.Forms;
 
 namespace KeePassOTP
@@ -48,6 +49,7 @@ internal class TFAData
 			public List<string> custom_hardware;
 			public List<string> keywords;
 			public bool tfa_possible {  get { return tfa.Count > 0; } }
+			public Regex RegexUrl = null;
 		}
 
 		private enum TFALoadProcess
@@ -129,12 +131,19 @@ public static TFAPossible IsTFAPossible(string url)
 
 				if (m_LoadState == TFALoadProcess.FileNotFound) return TFAPossible.Unknown;
 				if (m_LoadState != TFALoadProcess.Loaded) return TFAPossible.Error;
-				KeePassLib.Delegates.GFunc<string, string, bool> IsRegexMatch = (string sRegex, string sUrl) =>
-				  {
-					  System.Text.RegularExpressions.Regex r = new System.Text.RegularExpressions.Regex(sRegex);
-					  return r.IsMatch(sUrl);
-				  };
-                tfa = m_dTFA.FirstOrDefault(x => IsRegexMatch(x.Key, url)).Value;
+				KeePassLib.Delegates.GFunc<Regex, string, bool> IsRegexMatch = (Regex r, string sUrl) =>
+				{
+					try
+					{
+						return r != null ? r.IsMatch(sUrl) : false;
+					}
+					catch (Exception ex)
+                    {
+						PluginDebug.AddError("Error in URL regex matching", 0, "Error: " + ex.Message, "Regex: " + r.ToString());
+						return false;
+                    }
+				};
+				tfa = m_dTFA.FirstOrDefault(x => IsRegexMatch(x.Value.RegexUrl, url)).Value;
 				if (tfa == null)
 				{
 					tfa = new TFAData();
@@ -258,7 +267,9 @@ private static void ReadOTPSites(object s)
 				tfa.custom_software = GetJSonList(jtEntry, "custom_software");
 				tfa.custom_hardware = GetJSonList(jtEntry, "custom_hardware");
 				tfa.keywords = GetJSonList(jtEntry, "keywords");
-				m_dTFA[CreatePattern(tfa.domain)] = tfa;
+				string sRegexPattern = CreatePattern(tfa.domain);
+				tfa.RegexUrl = new Regex(sRegexPattern);
+				m_dTFA[sRegexPattern] = tfa;
 			}
 			DateTime dtEnd = DateTime.Now;
 			lock (m_TFAReadLock)

diff --git a/src/Properties/AssemblyInfo.cs b/src/Properties/AssemblyInfo.cs
@@ -30,5 +30,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.1")]
-[assembly: AssemblyFileVersion("1.1")]
+[assembly: AssemblyVersion("1.1.1")]
+[assembly: AssemblyFileVersion("1.1.1")]
diff --git a/version.info b/version.info
@@ -1,5 +1,5 @@
 :
-KeePassOTP:1.1
+KeePassOTP:1.1.1
 KeePassOTP!de:21
 KeePassOTP!fr:7
 KeePassOTP!pt:11