From 195918a1bff63bd38acf236fd48e138f332e6cda Mon Sep 17 00:00:00 2001 From: Rowan Seymour Date: Tue, 16 Jul 2024 16:03:42 -0500 Subject: [PATCH] Don't use template variables as attachments unless they're valid --- flows/actions/testdata/send_msg.json | 88 ++++++++++++++++++++++++++++ flows/template.go | 2 +- utils/attachment.go | 6 ++ utils/attachment_test.go | 28 +++++---- 4 files changed, 110 insertions(+), 14 deletions(-) diff --git a/flows/actions/testdata/send_msg.json b/flows/actions/testdata/send_msg.json index 341a7facf..e8e63f01a 100644 --- a/flows/actions/testdata/send_msg.json +++ b/flows/actions/testdata/send_msg.json @@ -1003,5 +1003,93 @@ "waiting_exits": [], "parent_refs": [] } + }, + { + "description": "Image parameter value ignored if not valid attachment", + "action": { + "type": "send_msg", + "uuid": "ad154980-7bf7-4ab8-8728-545fd6378912", + "text": "The Maine Coone is the only native American long haired breed.", + "template": { + "uuid": "be68beff-1a5b-424b-815e-023cc53c1ddc", + "name": "cat_fact" + }, + "template_variables": [ + "cat", + "The first true cats came into existence about 12 million years ago and were the Proailurus." + ] + }, + "events": [ + { + "type": "msg_created", + "created_on": "2018-10-18T14:20:30.000123456Z", + "step_uuid": "59d74b86-3e2f-4a93-aece-b05d2fdcde0c", + "msg": { + "uuid": "9688d21d-95aa-4bed-afc7-f31b35731a3d", + "urn": "tel:+12065551212?channel=57f1078f-88aa-46f4-a59a-948a5739c03d&id=123", + "channel": { + "uuid": "57f1078f-88aa-46f4-a59a-948a5739c03d", + "name": "My Android Phone" + }, + "text": "The first true cats came into existence about 12 million years ago and were the Proailurus.", + "templating": { + "template": { + "uuid": "be68beff-1a5b-424b-815e-023cc53c1ddc", + "name": "cat_fact" + }, + "components": [ + { + "name": "header", + "type": "header/media", + "variables": { + "1": 0 + } + }, + { + "name": "body", + "type": "body/text", + "variables": { + "1": 1 + } + } + ], + "variables": [ + { + "type": "image", + "value": "cat" + }, + { + "type": "text", + "value": "The first true cats came into existence about 12 million years ago and were the Proailurus." + } + ] + }, + "locale": "eng-US" + } + } + ], + "templates": [ + "The Maine Coone is the only native American long haired breed.", + "cat", + "The first true cats came into existence about 12 million years ago and were the Proailurus." + ], + "localizables": [ + "The Maine Coone is the only native American long haired breed.", + "cat", + "The first true cats came into existence about 12 million years ago and were the Proailurus." + ], + "inspection": { + "dependencies": [ + { + "uuid": "be68beff-1a5b-424b-815e-023cc53c1ddc", + "name": "cat_fact", + "type": "template" + } + ], + "issues": [], + "results": [], + "waiting_exits": [], + "parent_refs": [] + } } ] \ No newline at end of file diff --git a/flows/template.go b/flows/template.go index e04df3e6e..2be5d0fe8 100644 --- a/flows/template.go +++ b/flows/template.go @@ -103,7 +103,7 @@ func (t *TemplateTranslation) Preview(vars []*TemplatingVariable) *MsgContent { if variable.Type == "text" { content = strings.ReplaceAll(content, fmt.Sprintf("{{%s}}", key), variable.Value) - } else if variable.Type == "image" || variable.Type == "video" || variable.Type == "document" { + } else if (variable.Type == "image" || variable.Type == "video" || variable.Type == "document") && utils.IsValidAttachment(variable.Value) { attachments = append(attachments, utils.Attachment(variable.Value)) } } diff --git a/utils/attachment.go b/utils/attachment.go index e7c684737..9c75fc496 100644 --- a/utils/attachment.go +++ b/utils/attachment.go @@ -42,3 +42,9 @@ func (a Attachment) URL() string { _, url := a.ToParts() return url } + +// IsValidAttachment returns whether the given string is a valid attachment +func IsValidAttachment(s string) bool { + typ, url := Attachment(s).ToParts() + return typ != "" && url != "" +} diff --git a/utils/attachment_test.go b/utils/attachment_test.go index b9705ee31..7eca6996a 100644 --- a/utils/attachment_test.go +++ b/utils/attachment_test.go @@ -14,27 +14,29 @@ func TestAttachment(t *testing.T) { assert.Equal(t, "image/jpeg", attachment.ContentType()) assert.Equal(t, "https://example.com/test.jpg", attachment.URL()) - assertParse := func(a string, expectedType, expectedURL string) { + assertParse := func(a string, expectedType, expectedURL string, isValid bool) { actualType, actualURL := utils.Attachment(a).ToParts() assert.Equal(t, expectedType, actualType, "content type mismatch for attachment '%s'", a) assert.Equal(t, expectedURL, actualURL, "content type mismatch for attachment '%s'", a) + assert.Equal(t, isValid, utils.IsValidAttachment(a), "is valid mismatch for attachment '%s'", a) } - assertParse("audio:http://test.m4a", "audio", "http://test.m4a") - assertParse("audio/mp4:http://test.m4a", "audio/mp4", "http://test.m4a") - assertParse("audio:/file/path", "audio", "/file/path") + assertParse("audio:http://test.m4a", "audio", "http://test.m4a", true) + assertParse("audio/mp4:http://test.m4a", "audio/mp4", "http://test.m4a", true) + assertParse("audio:/file/path", "audio", "/file/path", true) - assertParse("application:http://test.pdf", "application", "http://test.pdf") - assertParse("application/pdf:http://test.pdf", "application/pdf", "http://test.pdf") + assertParse("application:http://test.pdf", "application", "http://test.pdf", true) + assertParse("application/pdf:http://test.pdf", "application/pdf", "http://test.pdf", true) - assertParse("geo:-2.90875,-79.0117686", "geo", "-2.90875,-79.0117686") + assertParse("geo:-2.90875,-79.0117686", "geo", "-2.90875,-79.0117686", true) - assertParse("unavailable:http://bad.link", "unavailable", "http://bad.link") + assertParse("unavailable:http://bad.link", "unavailable", "http://bad.link", true) // be lenient with invalid attachments - assertParse("foo", "", "foo") - assertParse("http://test.jpg", "", "http://test.jpg") - assertParse("https://test.jpg", "", "https://test.jpg") - assertParse("HTTPS://test.jpg", "", "HTTPS://test.jpg") - assertParse(":http://test.jpg", "", ":http://test.jpg") + assertParse("", "", "", false) + assertParse("foo", "", "foo", false) + assertParse("http://test.jpg", "", "http://test.jpg", false) + assertParse("https://test.jpg", "", "https://test.jpg", false) + assertParse("HTTPS://test.jpg", "", "HTTPS://test.jpg", false) + assertParse(":http://test.jpg", "", ":http://test.jpg", false) }