[$500] Request Money -Scan - Scan report allows protected PDF upload #26713

Closed
3 of 6 tasks
kbecciv opened this issue Sep 4, 2023 · 22 comments
Labels:
  • Bug (Something is broken. Auto assigns a BugZero manager.)
  • Daily KSv2
  • External (Added to denote the issue can be worked on by a contributor)
  • Help Wanted (Apply this label when an issue is open to proposals by contributors)

Comments

@kbecciv

kbecciv commented Sep 4, 2023

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!


Action Performed:

  1. Open the app
  2. Click on plus and click request money
  3. Click on scan and upload password protected PDF
  4. Complete the process
  5. Observe that it causes an unexpected error

Expected Result:

Error message "Password protected and cannot be read" displayed immediately after a password protected PDF is selected.

Actual Result:

Scan report allows a password protected PDF upload and causes an unexpected error after the process

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

  • Android / native
  • Android / Chrome
  • iOS / native
  • iOS / Safari
  • MacOS / Chrome / Safari
  • MacOS / Desktop

Version Number: 1.3.63.0
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

protected.pdf.upload.scan.error.1.mp4
Recording.4236.mp4

Expensify/Expensify Issue URL:
Issue reported by: @dhanashree-sawant
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1693417461660059


Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~019e1ea506f5c204cc
  • Upwork Job ID: 1700171947455168512
  • Last Price Increase: 2023-09-08
@kbecciv kbecciv added the Daily KSv2 and Bug labels Sep 4, 2023
@melvin-bot

melvin-bot bot commented Sep 4, 2023

Triggered auto assignment to @michaelhaxhiu (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

@melvin-bot

melvin-bot bot commented Sep 4, 2023

Bug0 Triage Checklist (Main S/O)

  • This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
  • This bug is not a duplicate report (check E/App issues and #expensify-bugs)
    • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
  • This bug is reproducible using the reproduction steps in the OP. S/O
    • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
    • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
  • This issue is filled out as thoroughly and clearly as possible
    • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
  • I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

@michaelhaxhiu
Contributor

I think we need to hammer out the Expected Result a little more. Like would it be better to show an error immediately after a password protected PDF is selected (saying it's "Password protected and cannot be read")?

@michaelhaxhiu michaelhaxhiu added the External label Sep 8, 2023
@melvin-bot melvin-bot bot changed the title [Distance] - Scan report allows protected PDF upload [$500] [Distance] - Scan report allows protected PDF upload Sep 8, 2023
@melvin-bot

melvin-bot bot commented Sep 8, 2023

Job added to Upwork: https://www.upwork.com/jobs/~019e1ea506f5c204cc

@melvin-bot melvin-bot bot added the Help Wanted label Sep 8, 2023
@michaelhaxhiu
Contributor

Let's get some C+ eyes on this!

@melvin-bot

melvin-bot bot commented Sep 8, 2023

Triggered auto assignment to @dylanexpensify (External), see https://stackoverflow.com/c/expensify/questions/8582 for more details.

@melvin-bot

melvin-bot bot commented Sep 8, 2023

Triggered auto assignment to Contributor-plus team member for initial proposal review - @Santhosh-Sellavel (External)

@michaelhaxhiu
Contributor

Also @kbecciv why does this have [Distance] in the title? Am I spacing on something?

@kbecciv kbecciv changed the title [$500] [Distance] - Scan report allows protected PDF upload [$500] Request Money - Scan - Scan report allows protected PDF upload Sep 8, 2023
@kbecciv kbecciv changed the title [$500] Request Money - Scan - Scan report allows protected PDF upload [$500] Request Money -Scan - Scan report allows protected PDF upload Sep 8, 2023
@ishpaul777
Contributor

ishpaul777 commented Sep 8, 2023

Proposal

Please re-state the problem that we are trying to solve in this issue.

Scan report allows protected PDF upload

What is the root cause of that problem?

The PDF file is not validated for encryption during file validation.

What changes do you think we should make in order to solve the problem?

Validate file for encryption.

    const {fileExtension} = FileUtils.splitExtensionFromFileName(lodashGet(file, 'name', ''));

    // if the file extension is pdf, validate that it is not password protected
    if (fileExtension.toLowerCase() === 'pdf') {
        const reader = new FileReader();
        reader.onload = function () {
            // wrap the raw bytes so they can be read back as text and searched for an /Encrypt entry
            const files = new Blob([reader.result], {type: 'application/pdf'});
            files.text().then((x) => {
                if (x.includes('/Encrypt')) {
                    Receipt.setUploadReceiptError(true, Localize.translateLocal('attachmentPicker.wrongFileType'), Localize.translateLocal('attachmentPicker.notAllowedExtension'));
                    return false;
                }
            });
        };
        reader.readAsArrayBuffer(file);
    }

@b4s36t4
Contributor

b4s36t4 commented Sep 8, 2023

Proposal

Please re-state the problem that we are trying to solve in this issue.

Request Money -Scan - Scan report allows protected PDF upload

What is the root cause of that problem?

We're not checking whether the PDF is encrypted or not; we're just processing the PDF without verifying.

What changes do you think we should make in order to solve the problem?

We could use pdfJs from react-pdf and load the document before moving on to the next step.

We can validate whether the selected file is a PDF or not, then we load the PDF using pdfJS, which raises an error if it's a protected file.

We're not passing any onPassword callback which is the reason to raise the error.

We need to update this function

const setReceiptAndNavigate = (file, iou, report) => {

By using the following we can also catch the exception for an invalid PDF. (Maybe the selected file is not a PDF but the extension is .pdf?)

    const isPdf = pdfjs.isPdfFile(file.name);

    const filePath = URL.createObjectURL(file);
    if (isPdf) {
        // load the document first; with no onPassword callback, pdf.js rejects a protected file with a password error
        pdfjs
            .getDocument(filePath)
            .promise.then(() => {
                // PDF loaded correctly
                IOU.setMoneyRequestReceipt(filePath, file.name);
                IOU.navigateToNextPage(iou, iouType, reportID, report);
            })
            .catch((error) => {
                // PDF is asking for password
                if (error.code === CONST.PDF_PASSWORD_FORM.REACT_PDF_PASSWORD_RESPONSES.NEED_PASSWORD) {
                    Receipt.setUploadReceiptError(true, translate('attachmentPicker.wrongFileType'), translate('attachmentPicker.notAllowedExtension'));
                    return;
                }
                // any other failure, e.g. the file is not actually a PDF
                Receipt.setUploadReceiptError(true, translate('attachmentPicker.attachmentError'), translate('attachmentPicker.errorWhileSelectingAttachment'));
            });
        return;
    }
    IOU.setMoneyRequestReceipt(filePath, file.name);
    IOU.navigateToNextPage(iou, iouType, reportID, report);

What alternative solutions did you explore? (Optional)

NA

Result

Kapture.2023-09-08.at.22.02.21.mp4
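The encryption pre-check that both proposals above turn on, as an added example that is not part of this issue or the Expensify App code base: it inspects the raw bytes like the first proposal, but scopes the search to the trailer dictionary so page text containing "/Encrypt" is not rejected, and it flags a renamed non-PDF the way the second proposal's pdf.js load would. The function names, sample inputs and reason strings are assumptions.

```javascript
// Added example, not code from the Expensify App project or this issue: a
// client-side pre-check for password protected PDFs on the raw bytes that
// FileReader.readAsArrayBuffer hands back, as the first proposal does, but
// scoped to the trailer so a stray "/Encrypt" in page text is not mistaken
// for encryption. All function names, samples and reason strings are
// hypothetical.

// One char per byte so binary streams never break the matching.
function pdfText(bytes) {
  return Buffer.from(bytes).toString('latin1');
}

// The whole-file substring check from the first proposal, kept for comparison.
function naiveEncryptCheck(bytes) {
  return pdfText(bytes).includes('/Encrypt');
}

// Returns 'not-pdf', 'encrypted' or 'plain'. Encryption is declared by an
// /Encrypt key in the trailer dictionary, so only trailer dictionaries are
// searched. Files with no "trailer" keyword (PDF 1.5+ cross-reference streams)
// fall back to the whole-file search: it may over-reject, never under-reject.
function classifyPdf(bytes) {
  const text = pdfText(bytes);
  if (!text.startsWith('%PDF-')) return 'not-pdf'; // renamed non-PDF (second proposal's concern)
  const hasEncrypt = (s) => /\/Encrypt(?![A-Za-z])/.test(s); // skips /EncryptMetadata
  const trailers = [...text.matchAll(/trailer\s*<<([\s\S]*?)>>/g)];
  if (trailers.length === 0) return hasEncrypt(text) ? 'encrypted' : 'plain';
  return trailers.some((m) => hasEncrypt(m[1])) ? 'encrypted' : 'plain';
}

// What the scan step would do with the result (reason strings are made up here).
function scanReceiptDecision(bytes) {
  const kind = classifyPdf(bytes);
  if (kind === 'not-pdf') return {ok: false, reason: 'wrongFileType'};
  if (kind === 'encrypted') return {ok: false, reason: 'passwordProtected'};
  return {ok: true, reason: null};
}

// Constructed minimal PDF-like inputs (not real receipts), one per outcome.
const toBytes = (s) => new Uint8Array(Buffer.from(s, 'latin1'));
const SAMPLES = {
  plain: toBytes('%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R /Size 2 >>\n%%EOF'),
  encrypted: toBytes('%PDF-1.4\n5 0 obj << /Filter /Standard /V 2 >> endobj\n'
    + 'trailer << /Root 1 0 R /Encrypt 5 0 R /Size 6 >>\n%%EOF'),
  xrefStream: toBytes('%PDF-1.5\n7 0 obj << /Type /XRef /Root 1 0 R /Encrypt 3 0 R /W [1 2 1] >> stream\nendstream endobj\n%%EOF'),
  textMentionsEncrypt: toBytes('%PDF-1.4\n4 0 obj << /Length 24 >> stream\n(/Encrypt is a word) Tj\nendstream endobj\n'
    + 'trailer << /Root 1 0 R /Size 5 >>\n%%EOF'),
  notPdf: toBytes('hello, not a PDF at all'),
};
```

Note that the naive whole-file check rejects the `textMentionsEncrypt` sample while the trailer-scoped check accepts it, and neither byte check replaces the pdf.js load, which is what actually proves the file can be rendered.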

@Santhosh-Sellavel Santhosh-Sellavel removed their assignment Sep 8, 2023
@Santhosh-Sellavel
Collaborator

@michaelhaxhiu Unassigned due to low bandwidth. Can you get a new C+ here by re-applying the External label again? Thanks!

@situchan
Contributor

situchan commented Sep 8, 2023

@michaelhaxhiu I am interested in reviewing this.

Currently, I see that any file type (not only image and pdf but also txt, dmg, etc.) is acceptable in scan upload as long as its size is within 240 bytes to 24 MB. Even a folder can be dragged & dropped.
Should this be fixed here? If so, which file formats should be the only ones allowed?

@ishpaul777
Contributor

ishpaul777 commented Sep 8, 2023

I see that any file types (not only image, pdf but also txt, dmg, etc)

@situchan I reported this a while ago - https://app.slack.com/client/T03SC9DTT/C049HHMV9SM/thread/C049HHMV9SM-1692815288.242469

@situchan
Contributor

situchan commented Sep 8, 2023

I see that the restriction was removed in #21285. But that's general, i.e. in the composer.
I still think we should add a restriction on the scan receipt file type.

@ishpaul777
Contributor

ishpaul777 commented Sep 8, 2023

Agreed, that's why I proposed the option to validate in my proposal linked to the thread.

@ishpaul777
Contributor

ishpaul777 commented Sep 8, 2023

There is also one more issue if we don't validate the file type in the composer or scan receipt. A user adds an app to the composer; nothing happens, and next time the add attachment option won't even work.

Screen.Recording.2023-09-08.at.10.52.05.PM.mov

@melvin-bot melvin-bot bot added the Overdue label Sep 11, 2023
@michaelhaxhiu michaelhaxhiu removed the External label Sep 11, 2023
@michaelhaxhiu michaelhaxhiu added the External label Sep 11, 2023
@melvin-bot

melvin-bot bot commented Sep 11, 2023

Current assignee @michaelhaxhiu is eligible for the External assigner, not assigning anyone new.

@melvin-bot

melvin-bot bot commented Sep 11, 2023

Triggered auto assignment to Contributor-plus team member for initial proposal review - @narefyev91 (External)

@michaelhaxhiu
Contributor

Re-assigned label to get a new C+ assigned, per Santhosh's comment above.

@melvin-bot melvin-bot bot removed the Overdue label Sep 11, 2023
@akinwale
Contributor

@michaelhaxhiu I am interested in reviewing this.

Currently, I see that any file type (not only image and pdf but also txt, dmg, etc.) is acceptable in scan upload as long as its size is within 240 bytes to 24 MB. Even a folder can be dragged & dropped. Should this be fixed here? If so, which file formats should be the only ones allowed?

Folder drag and drop was raised in #26892 but closed as wontfix due to the platform (Windows). If we intend to get that sorted, then it makes sense to reopen the issue.

@situchan
Contributor

@michaelhaxhiu we should confirm the expected behavior first. Which option?

  • limit file types (i.e. image only) as this is scan receipt
  • allow pdf but do frontend validation if it's password protected

@michaelhaxhiu
Contributor

After brewing, this is seeming more like a feature request than a bug report. We already show an error when you try to upload this file type, so I am leaning toward this behaving as expected.

You could argue we need a more specific error message, but that's where this ventures into feature request territory in my mind. I'm going to close this for now as I think it's more of a new feature than a bug. If you disagree, feel free to make your case in the Slack thread!
