author | Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> | 2021-03-16 16:27:44 +0100 |
---|---|---|
committer | Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> | 2021-04-01 07:45:21 +0200 |
commit | 0a893a15b02a3662e3c68776be09534c9f955e4f (patch) | |
tree | d872eaf8bf6ba8e595d4c439b2ca4bfbbef4cbd1 /sfx2 | |
parent | 6a6cd129f34220fadf5d134a2dc2c1e368acbc4f (diff) |
Add mechanism to selectively enable macros for document events
Change-Id: I56703b2c0ee009a645458c78c026c546b2e7e321
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112584
Tested-by: Jenkins
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
Diffstat (limited to 'sfx2')
-rw-r--r-- | sfx2/Library_sfx.mk | 3 | ||||
-rw-r--r-- | sfx2/source/inc/eventsupplier.hxx | 4 | ||||
-rw-r--r-- | sfx2/source/notify/eventsupplier.cxx | 34 |
3 files changed, 41 insertions, 0 deletions
diff --git a/sfx2/Library_sfx.mk b/sfx2/Library_sfx.mk
index b5126ca87893..34ea74dfe38c 100644
--- a/sfx2/Library_sfx.mk
+++ b/sfx2/Library_sfx.mk
@@ -69,6 +69,9 @@ $(eval $(call gb_Library_use_libraries,sfx,\
 $(eval $(call gb_Library_use_externals,sfx,\
 boost_headers \
+ icu_headers \
+ icui18n \
+ icuuc \
 libxml2 \
 orcus \
 orcus-parser\
diff --git a/sfx2/source/inc/eventsupplier.hxx b/sfx2/source/inc/eventsupplier.hxx
index b6d63a09ea59..3aa73a7ffc8d 100644
--- a/sfx2/source/inc/eventsupplier.hxx
+++ b/sfx2/source/inc/eventsupplier.hxx
@@ -78,6 +78,10 @@ public:
 ::comphelper::NamedValueCollection& o_normalizedDescriptor, SfxObjectShell* i_document );
 static void Execute( css::uno::Any const & aEventData, const css::document::DocumentEvent& aTrigger, SfxObjectShell* pDoc );
+
+private:
+ /// Check if script URL whitelist exists, and if so, if current script url is part of it
+ static bool isScriptURLAllowed(const OUString& aScriptURL);
 };
 #endif
diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx
index 57c8ebe31751..091ed963de90 100644
--- a/sfx2/source/notify/eventsupplier.cxx
+++ b/sfx2/source/notify/eventsupplier.cxx
@@ -21,6 +21,7 @@
 #include <com/sun/star/util/URL.hpp>
 #include <com/sun/star/frame/Desktop.hpp>
+#include <com/sun/star/uno/Sequence.hxx>
 #include <com/sun/star/util/URLTransformer.hpp>
 #include <com/sun/star/util/XURLTransformer.hpp>
 #include <tools/urlobj.hxx>
@@ -33,6 +34,7 @@
 #include <comphelper/processfactory.hxx>
 #include <comphelper/namedvaluecollection.hxx>
 #include <comphelper/sequence.hxx>
+#include <officecfg/Office/Common.hxx>
 #include <eventsupplier.hxx>
 #include <sfx2/app.hxx>
@@ -41,6 +43,10 @@
 #include <sfx2/frame.hxx>
 #include <macroloader.hxx>
+#include <unicode/errorcode.h>
+#include <unicode/regex.h>
+#include <unicode/unistr.h>
+
 using namespace css;
 using namespace ::com::sun::star;
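Review bot: The doc comment on `isScriptURLAllowed` in eventsupplier.hxx does not say what is returned when no list is configured, which is the case a caller most needs to know for a security gate. Going by the implementation added in eventsupplier.cxx, a wording such as `/// Returns true if no allow-list of script URLs is configured, or if aScriptURL matches one of its entries (literal prefix or regular expression)` would state the contract. The class declaration starts outside this hunk.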
@@ -147,6 +153,31 @@ sal_Bool SAL_CALL SfxEvents_Impl::hasElements()
 return maEventNames.hasElements();
 }
+bool SfxEvents_Impl::isScriptURLAllowed(const OUString& aScriptURL)
+{
+ std::optional<css::uno::Sequence<OUString>> allowedEvents(
+ officecfg::Office::Common::Security::Scripting::AllowedDocumentEventURLs::get());
+ // When AllowedDocumentEventURLs is empty, all event URLs are allowed
+ if (!allowedEvents)
+ return true;
+
+ icu::ErrorCode status;
+ const uint32_t rMatcherFlags = UREGEX_CASE_INSENSITIVE;
+ icu::UnicodeString usInput(aScriptURL.getStr());
+ const css::uno::Sequence<OUString>& rAllowedEvents = *allowedEvents;
+ for (auto const& allowedEvent : rAllowedEvents)
+ {
+ icu::UnicodeString usRegex(allowedEvent.getStr());
+ icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status);
+ if (aScriptURL.startsWith(allowedEvent) || rmatch1.matches(status))
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::DocumentEvent& aTrigger, SfxObjectShell* pDoc )
 {
 uno::Sequence < beans::PropertyValue > aProperties;
@@ -185,6 +216,9 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum
 if (aScript.isEmpty()) return;
+ if (!isScriptURLAllowed(aScript))
+ return;
+
 if (!pDoc) pDoc = SfxObjectShell::Current(); |
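Review bot: `status` is declared once outside the loop in isScriptURLAllowed, so a single malformed allow-list entry leaves it in a failure state and, by ICU convention, every later `RegexMatcher` construction and `matches(status)` call returns early; only the `startsWith` test still applies to the remaining entries. Declaring the status inside the loop and skipping an entry whose pattern fails to compile keeps one bad entry from silently disabling the rest, as sketched below. Separately, the comment says an empty AllowedDocumentEventURLs allows everything, but `if (!allowedEvents)` only tests for an unset value; a list that is present with zero entries would presumably fall through to `return false`, so the comment should read `// When AllowedDocumentEventURLs is unset, all event URLs are allowed`. Each entry is also applied both as a case-sensitive literal prefix and as a case-insensitive regex, which deserves a line in the setting's documentation, since `.` and `?` in a script URL are regex metacharacters.

```cpp
// … unchanged: config lookup, rMatcherFlags, usInput; the function-level status declaration moves into the loop …
for (auto const& allowedEvent : rAllowedEvents)
{
    // Literal prefix entries need no regex compilation.
    if (aScriptURL.startsWith(allowedEvent))
        return true;

    // Fresh status per entry: once an ICU status holds a failure, later calls
    // taking it return early, so it must not carry over between entries.
    icu::ErrorCode status;
    icu::UnicodeString usRegex(allowedEvent.getStr());
    icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status);
    if (status.isFailure())
        continue; // malformed pattern: ignore this entry only
    if (rmatch1.matches(status))
        return true;
}
// … unchanged: return false …
```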
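Review bot: A blocked event macro is dropped without any trace at the new `return` in Execute, which makes a misconfigured allow-list hard to diagnose and leaves an administrator nothing to audit. A log line before the return, for example `SAL_WARN("sfx.notify", "document event script not in AllowedDocumentEventURLs: " << aScript);`, would cover both. Execute's body starts and ends outside the hunk, so it is not visible here whether aScript has already been normalised for every event descriptor type when the check runs.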