nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-28 23:04:50 -05:00
Code

try to find format of any non-allowed type

Browse Source
This commit is contained in:
Kyle Spearrin 2018-05-25 14:19:40 -04:00
parent 6d3ad7d9e4
commit 68125d2c9b
1 changed files with 2 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/Icons/Services/IconFetchingService.cs
View File

@ -26,15 +26,11 @@ namespace Bit.Icons.Services
private static byte[] _icoHeader = new byte[] { 00, 00, 01, 00 }; private static byte[] _icoHeader = new byte[] { 00, 00, 01, 00 };
private static string _jpegMediaType = "image/jpeg"; private static string _jpegMediaType = "image/jpeg";
private static byte[] _jpegHeader = new byte[] { 255, 216, 255 }; private static byte[] _jpegHeader = new byte[] { 255, 216, 255 };
private static string _octetMediaType = "application/octet-stream";
private static string _textMediaType = "text/plain";
private static readonly HashSet<string> _allowedMediaTypes = new HashSet<string>{ private static readonly HashSet<string> _allowedMediaTypes = new HashSet<string>{
_pngMediaType, _pngMediaType,
_icoMediaType, _icoMediaType,
_icoAltMediaType, _icoAltMediaType,
_jpegMediaType, _jpegMediaType
_octetMediaType,
_textMediaType
}; };
public IconFetchingService() public IconFetchingService()
@ -185,13 +181,8 @@ namespace Bit.Icons.Services
} }
var format = response.Content.Headers?.ContentType?.MediaType; var format = response.Content.Headers?.ContentType?.MediaType;
if(format == null || !_allowedMediaTypes.Contains(format))
{
return null;
}
var bytes = await response.Content.ReadAsByteArrayAsync(); var bytes = await response.Content.ReadAsByteArrayAsync();
if(format == _octetMediaType || format == _textMediaType) if(format == null || !_allowedMediaTypes.Contains(format))
{ {
if(HeaderMatch(bytes, _icoHeader)) if(HeaderMatch(bytes, _icoHeader))
{ {