authorSamuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>2021-03-16 16:27:44 +0100
committerThorsten Behrens <thorsten.behrens@allotropia.de>2021-04-27 12:57:45 +0200
commitcde7dc6117d4033c1fb590341f304755a55f764c (patch)
tree919cedfd67bbbae827671c77ebea2e5a409861b0
parent7a386360d3d434049995d177923396269d1588fa (diff)
Add mechanism to selectively enable macros for document events
Change-Id: I56703b2c0ee009a645458c78c026c546b2e7e321 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112584 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> (cherry picked from commit 0a893a15b02a3662e3c68776be09534c9f955e4f) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114436 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114706
-rw-r--r--officecfg/registry/schema/org/openoffice/Office/Common.xcs22
-rw-r--r--sfx2/Library_sfx.mk3
-rw-r--r--sfx2/source/inc/eventsupplier.hxx4
-rw-r--r--sfx2/source/notify/eventsupplier.cxx34
4 files changed, 63 insertions, 0 deletions
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index 7c0eb6c255d2..b317f616deeb 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -2708,6 +2708,28 @@
</info>
<value>false</value>
</prop>
+ <prop oor:name="CheckDocumentEvents" oor:type="xs:boolean" oor:nillable="false">
+ <info>
+ <desc>Warn on load when a document binds an event to a macro</desc>
+ </info>
+ <value>true</value>
+ </prop>
+ <prop oor:name="AllowedDocumentEventURLs" oor:type="oor:string-list">
+ <info>
+ <desc>List of script URLS which are allowed to be called by document events.
+ Look into content.xml of the odf file to find the URL.
+ You can either write the full URL, a part of it (starting from the beginning),
+ or use regular expressions.
+ Examples:
+ * vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=user
+ * vnd.sun.star.script:Standard.Module1
+ * vnd.sun.star.script:YourScript.*location=share
+ * .*location=application.*
+
+ When this list is empty, all document event URLs are allowed.
+ </desc>
+ </info>
+ </prop>
<set oor:name="TrustedAuthors" oor:node-type="TrustedAuthor">
<info>
<desc>List with trusted authors.</desc>
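Review bot: The last sentence of the AllowedDocumentEventURLs description says an empty list allows everything, but `isScriptURLAllowed` in this commit returns true only when the property has no value at all. A list that is set but holds no entries would skip the loop and reach `return false`, blocking every event script. The text should name the state that is meant, for example `When this list is not set, all document event URLs are allowed.`, or the code should treat an empty sequence the same way. It would also help to state that a plain entry is a prefix match, so `vnd.sun.star.script:Standard.Module1` also admits `Standard.Module10`, and that every entry is additionally compiled as a regular expression in which `.` and `?` are metacharacters.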
diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index 8f386caaa283..bf1dbea7b3c3 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -69,6 +69,9 @@ $(eval $(call gb_Library_use_libraries,sfx,\
$(eval $(call gb_Library_use_externals,sfx,\
boost_headers \
+ icu_headers \
+ icui18n \
+ icuuc \
libxml2 \
orcus \
orcus-parser\
diff --git a/sfx2/source/inc/eventsupplier.hxx b/sfx2/source/inc/eventsupplier.hxx
index be6421416939..4624ed8b4907 100644
--- a/sfx2/source/inc/eventsupplier.hxx
+++ b/sfx2/source/inc/eventsupplier.hxx
@@ -86,6 +86,10 @@ public:
::comphelper::NamedValueCollection& o_normalizedDescriptor,
SfxObjectShell* i_document );
static void Execute( css::uno::Any const & aEventData, const css::document::DocumentEvent& aTrigger, SfxObjectShell* pDoc );
+
+private:
+ /// Check if script URL whitelist exists, and if so, if current script url is part of it
+ static bool isScriptURLAllowed(const OUString& aScriptURL);
};
#endif
diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx
index e21130d6022c..12bf1ce828e5 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -23,6 +23,7 @@
#include <com/sun/star/document/XScriptInvocationContext.hpp>
#include <com/sun/star/util/URL.hpp>
#include <com/sun/star/frame/Desktop.hpp>
+#include <com/sun/star/uno/Sequence.hxx>
#include <com/sun/star/util/URLTransformer.hpp>
#include <com/sun/star/util/XURLTransformer.hpp>
#include <com/sun/star/uno/XInterface.hpp>
@@ -39,6 +40,7 @@
#include <comphelper/processfactory.hxx>
#include <comphelper/namedvaluecollection.hxx>
#include <comphelper/sequence.hxx>
+#include <officecfg/Office/Common.hxx>
#include <eventsupplier.hxx>
#include <sfx2/app.hxx>
@@ -49,6 +51,10 @@
#include <sfx2/frame.hxx>
#include <macroloader.hxx>
+#include <unicode/errorcode.h>
+#include <unicode/regex.h>
+#include <unicode/unistr.h>
+
using namespace css;
using namespace ::com::sun::star;
@@ -178,6 +184,31 @@ namespace
}
}
+bool SfxEvents_Impl::isScriptURLAllowed(const OUString& aScriptURL)
+{
+ boost::optional<css::uno::Sequence<OUString>> allowedEvents(
+ officecfg::Office::Common::Security::Scripting::AllowedDocumentEventURLs::get());
+ // When AllowedDocumentEventURLs is empty, all event URLs are allowed
+ if (!allowedEvents)
+ return true;
+
+ icu::ErrorCode status;
+ const uint32_t rMatcherFlags = UREGEX_CASE_INSENSITIVE;
+ icu::UnicodeString usInput(aScriptURL.getStr());
+ const css::uno::Sequence<OUString>& rAllowedEvents = *allowedEvents;
+ for (auto const& allowedEvent : rAllowedEvents)
+ {
+ icu::UnicodeString usRegex(allowedEvent.getStr());
+ icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status);
+ if (aScriptURL.startsWith(allowedEvent) || rmatch1.matches(status))
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::DocumentEvent& aTrigger, SfxObjectShell* pDoc )
{
uno::Sequence < beans::PropertyValue > aProperties;
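Review bot: `status` is declared once before the loop in `isScriptURLAllowed`, so one malformed pattern in AllowedDocumentEventURLs leaves it in a failure state. ICU calls return early on a failed status, so the regex test for every later entry stops matching for the rest of the call and only the `startsWith` test still works. Using a fresh status per entry, and testing the literal prefix before compiling the regex, keeps one bad entry from silently disabling the others. Separately, the regex runs with `UREGEX_CASE_INSENSITIVE` while `startsWith` is case-sensitive, so the two modes disagree on case; for an allowlist the stricter comparison is probably the intended one.

```cpp
// … unchanged: configuration lookup, rMatcherFlags, usInput, rAllowedEvents …
    for (auto const& allowedEvent : rAllowedEvents)
    {
        // Literal prefix entries need no regex compilation.
        if (aScriptURL.startsWith(allowedEvent))
            return true;

        // Fresh status per entry: a malformed pattern must not affect later entries.
        icu::ErrorCode status;
        icu::UnicodeString usRegex(allowedEvent.getStr());
        icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status);
        if (status.isSuccess() && rmatch1.matches(status))
            return true;
    }
// … unchanged: return false …
```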
@@ -216,6 +247,9 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum
if (aScript.isEmpty())
return;
+ if (!isScriptURLAllowed(aScript))
+ return;
+
if (!pDoc)
pDoc = SfxObjectShell::Current();
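Review bot: A URL rejected by `isScriptURLAllowed` is dropped at the added `return;` without any trace, so a blocked event binding cannot be told apart from one that was never bound, and rejected attempts leave nothing to audit. Consider logging the rejected URL before returning, for example `SAL_WARN("sfx.notify", "document event script not in AllowedDocumentEventURLs: " << aScript);`, assuming `sal/log.hxx` is available in this file and that log area fits. Execute's body starts before and continues after this hunk, so whether other paths can reach the script dispatch without this check cannot be judged from here.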