
Merge pull request #12643 from nextcloud/revert-12577-fix/internal-file-exfiltration

Revert "Fix Path Traversal To Internal File ExFiltration"
Tobias Kaminsky 1 年之前
父节点
当前提交
9191ec0a89

+ 0 - 6
app/src/androidTest/java/com/owncloud/android/ui/helpers/UriUploaderIT.kt

@@ -5,14 +5,11 @@ import androidx.test.core.app.launchActivity
 import com.nextcloud.client.jobs.upload.FileUploadWorker
 import com.nextcloud.test.TestActivity
 import com.owncloud.android.AbstractIT
-import com.owncloud.android.lib.common.utils.Log_OC
 import org.junit.Assert
 import org.junit.Test
 
 class UriUploaderIT : AbstractIT() {
 
-    private val tag = "UriUploaderIT"
-
     @Test
     fun testUploadPrivatePathSharedPreferences() {
         launchActivity<TestActivity>().use { scenario ->
@@ -46,9 +43,6 @@ class UriUploaderIT : AbstractIT() {
             null
         )
         val uploadResult = sut.uploadUris()
-
-        Log_OC.d(tag, "Upload Result: ${uploadResult.name}")
-
         Assert.assertEquals(
             "Wrong result code",
             UriUploader.UriUploaderResultCode.ERROR_SENSITIVE_PATH,

+ 2 - 8
app/src/main/java/com/owncloud/android/ui/helpers/UriUploader.kt

@@ -20,8 +20,6 @@
 package com.owncloud.android.ui.helpers
 
 import android.content.ContentResolver
-import android.content.Context
-import android.content.pm.ProviderInfo
 import android.net.Uri
 import android.os.Parcelable
 import com.nextcloud.client.account.User
@@ -72,7 +70,7 @@ class UriUploader(
         try {
             val anySensitiveUri = mUrisToUpload
                 .filterNotNull()
-                .any { belongsToCurrentApplication(mActivity, it as Uri) }
+                .any { isSensitiveUri((it as Uri)) }
             if (anySensitiveUri) {
                 Log_OC.e(TAG, "Sensitive URI detected, aborting upload.")
                 code = UriUploaderResultCode.ERROR_SENSITIVE_PATH
@@ -113,11 +111,7 @@ class UriUploader(
         return mUploadPath + displayName
     }
 
-    private fun belongsToCurrentApplication(ctx: Context, uri: Uri): Boolean {
-        val authority: String = uri.authority.toString()
-        val info: ProviderInfo = ctx.packageManager.resolveContentProvider(authority, 0) ?: return true
-        return ctx.packageName.equals(info.packageName)
-    }
+    private fun isSensitiveUri(uri: Uri): Boolean = uri.toString().contains(mActivity.packageName)
 
     /**
      * Requests the upload of a file in the local file system to [FileUploadHelper] service.
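Review bot: The restored `isSensitiveUri` at the end of this hunk decides on a raw substring match, `uri.toString().contains(mActivity.packageName)`, so the verdict depends on how the URI is spelled rather than on which file or provider it resolves to. A non-canonical or encoded spelling of a location inside the app's private storage would presumably not match, while an unrelated URI that merely contains the package name is rejected. The page does not say why the provider-based check was reverted, so this gap appears to be reopened rather than closed. For `file` URIs I would match on the canonical path instead, e.g. `val target = uri.path?.let { File(it).canonicalPath } ?: uri.toString()` followed by `target.contains(mActivity.packageName)`, and add a KDoc line saying that the check is a string heuristic and which URI forms it does not cover. The only caller visible here is the `.any { isSensitiveUri((it as Uri)) }` line in the hunk at `@@ -72,7 +70,7 @@`; the class body continues outside both hunks.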