diff --git a/libs/database/src/main/java/org/fdroid/repo/RepoAdder.kt b/libs/database/src/main/java/org/fdroid/repo/RepoAdder.kt index c107c709c..37d3ece5b 100644 --- a/libs/database/src/main/java/org/fdroid/repo/RepoAdder.kt +++ b/libs/database/src/main/java/org/fdroid/repo/RepoAdder.kt @@ -25,6 +25,7 @@ import org.fdroid.database.Repository import org.fdroid.database.RepositoryDaoInt import org.fdroid.download.DownloaderFactory import org.fdroid.download.HttpManager +import org.fdroid.download.HttpManager.Companion.isInvalidHttpUrl import org.fdroid.download.NotFoundException import org.fdroid.index.IndexFormatVersion import org.fdroid.index.SigningException @@ -125,7 +126,11 @@ internal class RepoAdder( // get repo url and fingerprint val nUri = repoUriGetter.getUri(url) log.info("Parsed URI: $nUri") - // TODO reject non-http(s) Uri here + if (isInvalidHttpUrl(nUri.uri.toString())) { + val e = IllegalArgumentException("Unsupported URI: ${nUri.uri}") + addRepoState.value = AddRepoError(INVALID_INDEX, e) + return + } // some plumping to receive the repo preview var receivedRepo: Repository? = null diff --git a/libs/database/src/test/java/org/fdroid/repo/RepoAdderTest.kt b/libs/database/src/test/java/org/fdroid/repo/RepoAdderTest.kt index 3dde83f84..43338a0be 100644 --- a/libs/database/src/test/java/org/fdroid/repo/RepoAdderTest.kt +++ b/libs/database/src/test/java/org/fdroid/repo/RepoAdderTest.kt @@ -107,6 +107,26 @@ internal class RepoAdderTest { } } + @Test + fun testInvalidUri() = runTest { + repoAdder.fetchRepositoryInt("irc://example.org/repo/") // invalid scheme + + repoAdder.addRepoState.test { + val state1 = awaitItem() + assertIs(state1) + assertEquals(INVALID_INDEX, state1.errorType) + } + + repoAdder.abortAddingRepo() + repoAdder.fetchRepositoryInt("https://%-") // invalid hostname + + repoAdder.addRepoState.test { + val state1 = awaitItem() + assertIs(state1) + assertEquals(INVALID_INDEX, state1.errorType) + } + } + @Test fun testAddingMinRepo() = runTest { val url = "https://example.org/repo/"