Security/Reviews/Gaia/Contacts/Import
Contents
Feature Review Details
- App: Contacts, which is part of the Communications application
- Review Date: November 18th, 2013
- Review Lead: Stéphanie Ouillon
- Branch reviewed: master
- Latest commit:
https://github.com/mozilla-b2g/gaia/commit/6b8572b10572059a359ff0fc68a0e0b83eda250b
Overview
This review focuses on one feature in particular of the Contacts app: importing and exporting contacts.
There are several ways to import/export contacts:
- external services on the web such as Google, Live, Yahoo BT! and Facebook
- SIM card or SD card
- vCard via bluetooth
(undergoing work: NFC)
Architecture
This review goes through the Gaia Communications app, the Contacts API and the underlying code to communicate with the SIM/SD card. The code is split between several components of the Communications app:
- contacts: OAuth2, Facebook integration, SIM/SD card, vCard
- gmail: service extension for importing contacts
- live: service extension for importing contacts
- facebook: service extension for importing/synchronising contacts
The service extensions are registered in the contacts app.
Several APIs are used:
- DeviceStorage: used to access the sdcard filesystem. Security review here.
- MozIccManager: provides STK (SIM Application TooKit) functionalities
- Bluetooth: allows to connect to a Bluetooth device to get a vCard. Security review here
Relevant Documentation
webAPI: ContactsAPI - privileged
- Wiki: https://wiki.mozilla.org/WebAPI/ContactsAPI
- MDN: https://developer.mozilla.org/en-US/docs/WebAPI/Contacts
- Code: http://mxr.mozilla.org/mozilla-central/source/dom/contacts/
- Security review: https://wiki.mozilla.org/WebAPI/Security/Contacts
Gaia: Contacts in the Communications app
- Wiki: https://wiki.mozilla.org/Gaia/Contacts
- Code: https://github.com/mozilla-b2g/gaia/tree/master/apps/communications/contacts
- Security review: https://wiki.mozilla.org/Security/Reviews/Gaia/Contacts
Importing contacts from an external service
Importing contacts from an external service means authenticating on the distant service via OAuth2. The implementation is distributed in several different places:
- The common logic for the OAuth v2 implementation is in
contacts/oauth2
. - The UI used for every service - be it gmail, live or facebook - is implemented in
fb_oauth.js
in thecommunications/facebook
app. - About the Facebook OAuth API: some logic is handled in
communications/facebook
andcommunications/contacts/js/fb/
Synchronizing contacts (‘sync’) is currently possible for Facebook contacts, but not for gmail and live. So we’re more concerned about imports than exports.
The gmail, live and facebook connectors implement a common interface to import contacts with a method adaptDataForShowing
:
In the case of gmail, one additional method gContactToJson()
is used when importing data.
Code Review Notes
Contacts data are XML data, parsed to JSON before being displayed to the user. This is the job of adaptDataForShowing()
.
There are two functions 'render' for rendering contacts:
- one in fb/friends_list.js with no sanitization only used for fb sync
- one in views/details.js: with sanitization in renderEmail, renderAddress, so on
The imported data are stored as is by adaptDataForSaving()
, which should be ok.
Facebook integration legacy issue:
- bug 851213 : Facebook import screen screen does not seem to escape contact data. The type of data we expect is known when adaptDataForShowin() is called, so it would be possible to check the data (email, address, etc).
Importing contacts from a SIM card
Not considering yet the on-going work about Dual SIM support. Documentation about the Radio Interface Layer (RIL) is available here
In the contacts app, the file handling the SIM contacts is utilities/import_sim_contacts
. It performs a call to readContacts()
from the IccManager.
Code Review Notes
The logic is handled in ril_worker
. The data is put in a Buf object (worker_buf
). It is then parsed in two functions in ril_worker.js
: readICCUCS2String
to get the contact id and reaDiallingNumber
to get the phone number.
The code is written in Javascript but looks intentionally like C. The parsing seems to be handled correctly (and I didn’t see any memory management problems at that level or in ipc/ril/Ril.cpp
).
Importing contacts from the SD card
The code is in:
- contacts/js/utilities/sdcard.js
- contacts/js/views/settings.js
It uses the deviceStorage API to get access to the SD card filesystem. It searches from files of types specified in settings.js:
utils.sdcard.retrieveFiles([ 'text/vcard', 'text/directory;profile=vCard', 'text/directory' ],...);
Text is imported with a VCFReader. Importing Contacts from the SD card required an exclusive access to its filesystem (it must not be shared in order to ensure data consistency).
Importing contacts from a vCard
The code is located in:
- utilities/import_from_vcard.js
It manipulates a file, which was received via Bluetooth: it uses a FileReader
to access the data.
A review of the bluetooth API/App has been performed separately.
Code Review Notes
The data is parsed in the file utilities/vcard_parser.js. It uses a custom decodeQP
function to decode Quoted-Printable encoding into UTF-8.
Exporting contacts
Exporting contacts is less sensitive from the perspective of the security of the device. The main risk is that the user enters bad data - which should be nonetheless sanitized before being stored on the phone - and synchronizes this data to external services.
Contacts can be exported to BT Yahoo!, the SIM card and the SD card.
In the Contacts app, the files dealing with export are in contacts/js/export/
:
- bt.js - export contacts to BT Yahoo!
- contacts_exporter.js - generic module to do contacts export
- sd.js - export contacts to SD card
- sim.js - export contacts to SIM card
- ../views/settings - the UI to launch the export