refactor: Remove vulnerable skrape-it
Lastaapps committed Jul 14, 2024
1 parent 4c6c72e commit 961253c
Showing 2 changed files with 16 additions and 34 deletions.
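--- a/api/agata/build.gradle.kts
+++ b/api/agata/build.gradle.kts
@@ -30,17 +30,6 @@ dependencies {
 commonMainImplementation(projects.core)
 commonMainImplementation(projects.api.core)
 
-// skrape-it
-// androidMainImplementation(projects.htmlParser)
-androidMainImplementation("it.skrape:skrapeit:1.2.2")
-// fix security vulnerabilities in skrapeit libs
-androidMainImplementation("ch.qos.logback:logback-core:1.4.12")
-androidMainImplementation("ch.qos.logback:logback-classic:1.4.12")
-androidMainImplementation("commons-net:commons-net:3.9.0")
-androidMainImplementation("org.apache.commons:commons-text:1.10.0")
-androidMainImplementation("org.jsoup:jsoup:1.15.3")
-androidMainImplementation("xalan:xalan:2.7.3")
-
 commonMainImplementation(libs.ktor.client.core)
 commonMainImplementation(libs.ktor.client.contentNegotiation)
 commonMainImplementation(libs.ktor.client.logging)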
@@ -19,9 +19,6 @@

package cz.lastaapps.menza.api.agata.api

import arrow.core.Either
import arrow.core.Either.Left
import arrow.core.Either.Right
import arrow.core.flatten
import arrow.core.left
import arrow.core.raise.nullable
@@ -42,7 +39,6 @@ import io.ktor.client.statement.bodyAsText
import io.ktor.http.Cookie
import io.ktor.http.HttpHeaders
import io.ktor.http.Parameters
import it.skrape.core.htmlDocument
import java.net.URLDecoder

internal class AndroidAgataCtuWalletApi(
@@ -122,24 +118,24 @@ internal class AndroidAgataCtuWalletApi(
}

// Extract response codes from html
.let { htmlDocument(it.bodyAsText()) }
.bodyAsText()
.let { html ->
var relayState: String? = null
var samlResponse: String? = null

val inputField = Either.catch {
html.findAll("input")
val inputRegex =
"""<input[^>]*name="([^"]+)"[^>]*value="([^"]+)"[^>]""".toRegex()
inputRegex.findAll(html)
.forEach {
val name = it.groups[1].bind().value
val value = it.groups[2].bind().value
when (name) {
"RelayState" -> relayState = URLDecoder.decode(value, "UTF-8")
"SAMLResponse" -> samlResponse = value
}
}
when (inputField) {
is Left -> return@catchingNetwork WalletError.InvalidCredentials.left()
is Right -> inputField.value
}.forEach {
if (it.attribute("name") == "RelayState") {
relayState = URLDecoder.decode(it.attribute("value"), "UTF-8")
}
if (it.attribute("name") == "SAMLResponse") {
samlResponse = it.attribute("value")
}
if (relayState == null || samlResponse == null) {
return@catchingNetwork WalletError.InvalidCredentials.left()
}

// Send the shit back to Agata and get session cookie
@@ -167,12 +163,9 @@ internal class AndroidAgataCtuWalletApi(
header("Cookie", sessionCookie)
}
}.let { finalResponse ->
val html = htmlDocument(finalResponse.bodyAsText())

// Parse
html.findFirst("h4 span.badge").text
.lowercase()
.replace("", "")
"""<h4><span[^>]*>(?:<span[^>]*>)?([\d, ]+) Kč<""".toRegex()
.find(finalResponse.bodyAsText())?.groups?.get(1)?.value
.bind()
.replace(",", ".")
.replace(" ", "")
.trim()
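Review bot: The `inputRegex` that pulls `RelayState` and `SAMLResponse` out of the login form (hunk `-122,24 +118,24`) is stricter than the markup it has to read: the trailing `[^>]` means a tag that closes directly after the value (`value="…">`) never matches, and `name` must precede `value` with both double-quoted. The captured values are also used as raw attribute text, so if the identity provider HTML-escapes them (for example `&#x2b;` for `+`) the Base64 `SAMLResponse` is posted back with the entities still in it; the removed `attribute(...)` calls presumably returned decoded text. I would drop the trailing `[^>]`, decode character references before use, and add a comment above the pattern such as `// Assumes double-quoted attributes with name before value; values are not entity-decoded`. Any of these mismatches surfaces as `WalletError.InvalidCredentials`, so a markup change on the server will look like a wrong password to the user. The enclosing function starts and ends outside these hunks.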
