[Filesystem] Additional security checks for copyTo() method.
authorPawel Andruszkiewicz <p.andruszkie@samsung.com>
Wed, 29 Jul 2015 08:03:45 +0000 (10:03 +0200)
committerPawel Andruszkiewicz <p.andruszkie@samsung.com>
Wed, 29 Jul 2015 08:03:45 +0000 (10:03 +0200)
Fixes: UTC_filesystem_copyTo_moveTo_error
[Verification] Wearable service UTC: 91/94
               Mobile TCT: 289/289

Change-Id: I69e302b46643239ba608a7188927c30a1c758221
Signed-off-by: Pawel Andruszkiewicz <p.andruszkie@samsung.com>
src/filesystem/js/file.js

index d7e10389a3c77627e89bba931cbe44a23221263b..c7d80b18cc2baaaa4b5933d7dd3502142c5b6726 100755 (executable)
@@ -408,6 +408,35 @@ File.prototype.copyTo = function(originFilePath, destinationFilePath, overwrite,
     _realDestinationPath = _realDestinationPath + _realOriginalPath.split('/').pop();
   }
 
+  if (!args.overwrite) {
+    var resultNewPath = native_.callSync('File_statSync', {location: _realDestinationPath});
+    if (native_.isSuccess(resultNewPath)) {
+      setTimeout(function() {
+        native_.callIfPossible(args.onerror,
+            new WebAPIException(WebAPIException.IO_ERR, 'Overwrite is not allowed'));
+      }, 0);
+      return;
+    }
+  }
+
+  if (!commonFS_.f_isSubDir(_realOriginalPath, this.fullPath)) {
+    var m1 = 'Source file should be subdirectory of: ' + this.fullPath;
+    setTimeout(function() {
+      native_.callIfPossible(args.onerror,
+          new WebAPIException(WebAPIException.INVALID_VALUES_ERR, m1));
+    }, 0);
+    return;
+  }
+
+  if (!commonFS_.isLocationAllowed(_realDestinationPath)) {
+    var m2 = 'Destination is read only folder: ' + this.fullPath;
+    setTimeout(function() {
+      native_.callIfPossible(args.onerror,
+          new WebAPIException(WebAPIException.INVALID_VALUES_ERR, m2));
+    }, 0);
+    return;
+  }
+
   var data = {
     originFilePath: _realOriginalPath,
     destinationFilePath: _realDestinationPath,
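Review bot: The overwrite guard at the top of the added code calls `File_statSync` on `_realDestinationPath` before the `f_isSubDir` and `isLocationAllowed` checks have run, so the caller receives `IO_ERR` or `INVALID_VALUES_ERR` depending on whether a path outside the allowed locations exists; moving the two path checks ahead of the `!args.overwrite` block would stop the error type from revealing that. The read-only message also reports the wrong path, since the value tested is the destination: `var m2 = 'Destination is read only folder: ' + _realDestinationPath;`. The stat-then-copy sequence leaves a check-then-use gap, and a stat that fails for any reason is treated as "destination absent", so the native copy handler (not visible here) presumably still has to enforce no-overwrite itself. copyTo starts before and continues after this hunk, so whether both paths are canonicalised before `f_isSubDir` runs cannot be confirmed from these lines.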