OpenByBrowser追加

Possible OS command injection(CWE-78)対策

sakura_core/cmd/CViewCommander_File.cpp

@@ -52,6 +52,7 @@
 #include "CWriteManager.h"
 #include "CEditApp.h"
 #include "recent/CMRUFile.h"
+#include "util/shell.h"
 #include "util/window.h"
 #include "charset/CCodeFactory.h"
 #include "plugin/CPlugin.h"
@@ -450,28 +451,9 @@ void CViewCommander::Command_BROWSE( void )
 		ErrorBeep();
 		return;
 	}
-//	char	szURL[MAX_PATH + 64];
-//	auto_sprintf( szURL, L"%ls", GetDocument()->m_cDocFile.GetFilePath() );
-	/* URLを開く */
-//	::ShellExecuteEx( NULL, L"open", szURL, NULL, NULL, SW_SHOW );
-
-    SHELLEXECUTEINFO info; 
-    info.cbSize =sizeof(info);
-    info.fMask = 0;
-    info.hwnd = NULL;
-    info.lpVerb = NULL;
-    info.lpFile = GetDocument()->m_cDocFile.GetFilePath();
-    info.lpParameters = NULL;
-    info.lpDirectory = NULL;
-    info.nShow = SW_SHOWNORMAL;
-    info.hInstApp = 0;
-    info.lpIDList = NULL;
-    info.lpClass = NULL;
-    info.hkeyClass = 0; 
-    info.dwHotKey = 0;
-    info.hIcon =0;
-
-	::ShellExecuteEx(&info);
+
+	std::wstring_view path(GetDocument()->m_cDocFile.GetFilePath());
+	OpenByBrowser(m_pCommanderView->GetHwnd(), path);
 
 	return;
 }

sakura_core/dlg/CDlgAbout.cpp

@@ -25,6 +25,7 @@
 #include "uiparts/HandCursor.h"
 #include "util/file.h"
 #include "util/module.h"
+#include "util/shell.h"
 #include "util/window.h"
 #include "sakura_rc.h" // 2002/2/10 aroka 復帰
 #include "version.h"
@@ -330,28 +331,28 @@ BOOL CDlgAbout::OnStnClicked( int wID )
 //	case IDC_STATIC_URL_ORG:	del 2008/7/4 Uchi
 		//	Web Browserの起動
 		{
-			WCHAR buf[512];
-			::GetWindowText( GetItemHwnd( wID ), buf, _countof(buf) );
-			::ShellExecute( GetHwnd(), NULL, buf, NULL, NULL, SW_SHOWNORMAL );
+			std::wstring url;
+			ApiWrap::DlgItem_GetText(GetHwnd(), wID, url);
+			OpenByBrowser(GetHwnd(), url);
 			return TRUE;
 		}
 	case IDC_STATIC_URL_CI_BUILD:
 		{
 #if defined(CI_BUILD_URL)
-			::ShellExecute(GetHwnd(), NULL, _T(CI_BUILD_URL), NULL, NULL, SW_SHOWNORMAL);
+			OpenByBrowser(GetHwnd(), _T(CI_BUILD_URL));
 #elif defined(GIT_REMOTE_ORIGIN_URL)
-			::ShellExecute(GetHwnd(), NULL, _T(GIT_REMOTE_ORIGIN_URL), NULL, NULL, SW_SHOWNORMAL);
+			OpenByBrowser(GetHwnd(), _T(GIT_REMOTE_ORIGIN_URL));
 #endif
 			return TRUE;
 		}
 	case IDC_STATIC_URL_GITHUB_COMMIT:
 #if defined(GITHUB_COMMIT_URL)
-		::ShellExecute(GetHwnd(), NULL, _T(GITHUB_COMMIT_URL), NULL, NULL, SW_SHOWNORMAL);
+		OpenByBrowser(GetHwnd(), _T(GITHUB_COMMIT_URL));
 #endif
 		return TRUE;
 	case IDC_STATIC_URL_GITHUB_PR:
 #if defined(GITHUB_PR_HEAD_URL)
-		::ShellExecute(GetHwnd(), NULL, _T(GITHUB_PR_HEAD_URL), NULL, NULL, SW_SHOWNORMAL);
+		OpenByBrowser(GetHwnd(), _T(GITHUB_PR_HEAD_URL));
 #endif
 		return TRUE;
 	}

sakura_core/prop/CPropComPlugin.cpp

@@ -40,6 +40,7 @@
 #include "io/CTextStream.h"
 #include "io/CZipFile.h"
 #include "CSelectLang.h"
+#include "util/shell.h"
 #include "sakura_rc.h"
 #include "sakura.hh"
 #include "config/app_constants.h"
@@ -267,7 +268,7 @@ INT_PTR CPropPlugin::DispatchEvent( HWND hwndDlg, UINT uMsg, WPARAM wParam, LPAR
 					if (sel >= 0){
 						CPlugin* plugin = CPluginManager::getInstance()->GetPlugin(sel);
 						if (plugin != NULL){
-							::ShellExecute(NULL, L"Open", plugin->m_sUrl.c_str(), NULL, NULL, SW_SHOW);
+							OpenByBrowser( hwndDlg, plugin->m_sUrl );
 						}
 					}
 				}

sakura_core/util/shell.cpp

@@ -29,6 +29,9 @@
 #include <ShlObj.h>
 #include <ShellAPI.h>
 #include <CdErr.h> // Nov. 3, 2005 genta	//CDERR_FINDRESFAILURE等
+
+#include <regex>
+
 #include "util/shell.h"
 #include "util/string_ex2.h"
 #include "util/file.h"
@@ -591,7 +594,7 @@ BOOL MyWinHelp(HWND hwndCaller, UINT uCommand, DWORD_PTR dwData)
 
 		WCHAR buf[256];
 		swprintf( buf, _countof(buf), L"https://sakura-editor.github.io/help/HLP%06Iu.html", dwData );
-		ShellExecute( ::GetActiveWindow(), NULL, buf, NULL, NULL, SW_SHOWNORMAL );
+		OpenByBrowser( ::GetActiveWindow(), buf );
 	}
 
 	return TRUE;
@@ -645,3 +648,26 @@ BOOL MySelectFont( LOGFONT* plf, INT* piPointSize, HWND hwndDlgOwner, bool Fixed
 
 	return TRUE;
 }
+
+//! ブラウザで開く
+bool OpenByBrowser(HWND hWnd, std::wstring_view url)
+{
+	if (url.empty()) {
+		return false;
+	}
+
+	if (!std::regex_search(url.data(), std::wregex(LR"(^[a-z]+://\b)"))
+		&& !std::regex_search(url.data(), std::wregex(LR"(^(mailto|news):)"))
+		&& !std::regex_search(url.data(), std::wregex(LR"(^[A-Z]:\\)", std::wregex::icase))
+		&& !std::regex_search(url.data(), std::wregex(LR"(^\\\\:)"))) {
+		return false;
+	}
+
+	// If the function succeeds, it returns a value greater than 32. 
+	if (auto hInstance = ::ShellExecuteW(hWnd, L"open", url.data(), nullptr, nullptr, SW_SHOWNORMAL);
+		hInstance <= (decltype(hInstance))32) {
+		return false;
+	}
+
+	return true;
+}

sakura_core/util/shell.h

@@ -29,6 +29,10 @@
 #define SAKURA_SHELL_0A8B6454_B007_46E5_9606_8D2FD7993B91_H_
 #pragma once
 
+#include <Windows.h>
+
+#include <string_view>
+
 BOOL MyWinHelp(HWND hwndCaller, UINT uCommand, DWORD_PTR dwData);	/* WinHelp のかわりに HtmlHelp を呼び出す */	// 2006.07.22 ryoji
 
 /* Shell Interface系(?) */
@@ -54,4 +58,8 @@ INT_PTR MyPropertySheet( LPPROPSHEETHEADER lppsph );	// 独自拡張プロパテ
 
 //!フォント選択ダイアログ
 BOOL MySelectFont( LOGFONT* plf, INT* piPointSize, HWND hwndDlgOwner, bool );	// 2009.10.01 ryoji ポイントサイズ（1/10ポイント単位）引数追加
+
+//! ブラウザで開く
+bool OpenByBrowser(HWND hWnd, std::wstring_view url);
+
 #endif /* SAKURA_SHELL_0A8B6454_B007_46E5_9606_8D2FD7993B91_H_ */

sakura_core/view/CEditView_Mouse.cpp

@@ -38,6 +38,7 @@
 #include "uiparts/HandCursor.h"
 #include "util/input.h"
 #include "util/os.h"
+#include "util/shell.h"
 #include "charset/CCodeBase.h"
 #include "charset/CCodeFactory.h"
 #include "apiwrap/StdApi.h"
@@ -1533,7 +1534,7 @@ void CEditView::OnLBUTTONUP( WPARAM fwKeys, int xPos , int yPos )
 static unsigned __stdcall ShellExecuteProc( LPVOID lpParameter )
 {
 	LPWSTR pszFile = (LPWSTR)lpParameter;
-	::ShellExecute( NULL, L"open", pszFile, NULL, NULL, SW_SHOW );
+	OpenByBrowser( ::GetActiveWindow(), pszFile );
 	free( pszFile );
 	return 0;
 }