Fix use secure temp directory for remote sync (keepassxreboot#10911)

t-h-e · Jun 17, 2024 · 6ecf2fc · 6ecf2fc
1 parent 24dc078
commit 6ecf2fc
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 3 deletions.
diff --git a/src/gui/DatabaseWidget.cpp b/src/gui/DatabaseWidget.cpp
@@ -1145,6 +1145,8 @@ void DatabaseWidget::uploadAndFinishSync(const RemoteParams* params, RemoteHandl
 
 void DatabaseWidget::finishSync(const RemoteParams* params, RemoteHandler::RemoteResult result)
 {
+    QScopedPointer<RemoteHandler> remoteHandler(new RemoteHandler(this));
+    remoteHandler->cleanup(result.filePath);
     setDisabled(false);
     emit updateSyncProgress(-1, "");
     if (result.success) {

diff --git a/src/gui/remote/DatabaseSettingsWidgetRemote.cpp b/src/gui/remote/DatabaseSettingsWidgetRemote.cpp
@@ -196,5 +196,6 @@ void DatabaseSettingsWidgetRemote::testDownload()
         return;
     }
 
+    remoteHandler->cleanup(result.filePath);
     m_ui->messageWidget->showMessage(tr("Download successful."), MessageWidget::Positive);
 }
diff --git a/src/gui/remote/RemoteHandler.cpp b/src/gui/remote/RemoteHandler.cpp
@@ -15,6 +15,8 @@
  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <QDebug>
+
 #include "RemoteHandler.h"
 
 #include "RemoteProcess.h"
@@ -29,7 +31,22 @@ namespace
     {
         QString uuid = QUuid::createUuid().toString().remove(0, 1);
         uuid.chop(1);
-        return QDir::toNativeSeparators(QDir::temp().absoluteFilePath("RemoteDatabase-" + uuid + ".kdbx"));
+        QString location = QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation);
+        qDebug() << "writeable location: " << location;
+        if (location.isEmpty()) {
+            location = QStandardPaths::writableLocation(QStandardPaths::TempLocation);
+            qDebug() << "temp location: " << location;
+        }
+        QDir bla(location);
+        bla.mkdir(uuid);
+        qDebug() << "created uuid dir";
+        QDir uuidPath(bla.absoluteFilePath(uuid));
+        qDebug() << "uuid path: " << uuidPath.path();
+        qDebug() << "permissions before: " << QFile(uuidPath.path()).permissions();
+        QFile(uuidPath.path()).setPermissions(QFileDevice::ReadOwner | QFileDevice::WriteOwner | QFileDevice::ExeOwner);
+        qDebug() << "set permissions: " << QFile(uuidPath.path()).permissions();
+
+        return QDir::toNativeSeparators(uuidPath.absoluteFilePath("RemoteDatabase-" + uuid + ".kdbx"));
     }
 } // namespace
 
@@ -58,6 +75,9 @@ RemoteHandler::RemoteResult RemoteHandler::download(const RemoteParams* params)
         }
 
         auto filePath = getTempFileLocation();
+        qDebug() << "Temp file location: " << filePath;
+        qDebug() << "Download command: " << params->downloadCommand;
+        qDebug() << "Download input: " << params->downloadInput;
         auto remoteProcess = m_createRemoteProcess(nullptr); // use nullptr parent, otherwise there is a warning
         remoteProcess->setTempFileLocation(filePath);
         remoteProcess->start(params->downloadCommand);
@@ -103,6 +123,7 @@ RemoteHandler::RemoteResult RemoteHandler::upload(const QString& filePath, const
 {
     return AsyncTask::runAndWaitForFuture([filePath, params] {
         RemoteResult result;
+        result.filePath = filePath;
         if (!params) {
             result.success = false;
             result.errorMessage = tr("Invalid database pointer or upload parameters provided.");
@@ -143,3 +164,19 @@ RemoteHandler::RemoteResult RemoteHandler::upload(const QString& filePath, const
         return result;
     });
 }
+
+void RemoteHandler::cleanup(QString& tempFileLocation)
+{
+    qDebug() << "cleanup: " << tempFileLocation;
+
+    QFileInfo file(tempFileLocation);
+    if (file.absoluteDir().exists()) {
+        if (file.absoluteDir().removeRecursively()) {
+            qDebug() << "cleanup done";
+        } else {
+            qDebug() << "cleanup failed";
+        }
+    } else {
+        qDebug() << "nothing to cleanup";
+    }
+}
diff --git a/src/gui/remote/RemoteHandler.h b/src/gui/remote/RemoteHandler.h
@@ -44,12 +44,13 @@ class RemoteHandler : public QObject
     RemoteResult download(const RemoteParams* params);
     RemoteResult upload(const QString& filePath, const RemoteParams* params);
 
+    void cleanup(QString& tempFileLocation);
+
     // Used for testing only
     static void setRemoteProcessFunc(std::function<QScopedPointer<RemoteProcess>(QObject*)> func);
 
 private:
     static std::function<QScopedPointer<RemoteProcess>(QObject*)> m_createRemoteProcess;
-    static QString m_tempFileLocation;
 
     Q_DISABLE_COPY(RemoteHandler)
 };

diff --git a/src/gui/remote/RemoteProcess.cpp b/src/gui/remote/RemoteProcess.cpp
@@ -17,7 +17,6 @@
 
 #include "RemoteProcess.h"
 
-#include <QTemporaryDir>
 #include <QUuid>
 
 RemoteProcess::RemoteProcess(QObject* parent)