From 359b6e02d99ce1cbcfcc99a42962869bddb0b92c Mon Sep 17 00:00:00 2001 From: Oleksii Holub <1935960+Tyrrrz@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:55:17 +0300 Subject: [PATCH] PM-12102 | Fix LastPass importer not properly de-encrypting URLs (#11366) * PM-12102 | Fix LastPass importer not properly de-encrypting URLs * Reuse the original code for the unencrypted path * Add some comments --- .../importers/lastpass/access/services/parser.ts | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/libs/importer/src/importers/lastpass/access/services/parser.ts b/libs/importer/src/importers/lastpass/access/services/parser.ts index 19ef55bc73..31efadd6c0 100644 --- a/libs/importer/src/importers/lastpass/access/services/parser.ts +++ b/libs/importer/src/importers/lastpass/access/services/parser.ts @@ -22,7 +22,7 @@ export class Parser { /* May return null when the chunk does not represent an account. All secure notes are ACCTs but not all of them store account information. - + TODO: Add a test for the folder case! TODO: Add a test case that covers secure note account! */ @@ -60,9 +60,17 @@ export class Parser { // 3: url step = 3; - let url = Utils.fromBufferToUtf8( - this.decodeHexLoose(Utils.fromBufferToUtf8(this.readItem(reader))), - ); + const urlEncoded = this.readItem(reader); + let url = + urlEncoded.length > 0 && urlEncoded[0] === 33 // 33 = '!' + ? // URL is encrypted + await this.cryptoUtils.decryptAes256PlainWithDefault( + urlEncoded, + encryptionKey, + placeholder, + ) + : // URL is not encrypted + Utils.fromBufferToUtf8(this.decodeHexLoose(Utils.fromBufferToUtf8(urlEncoded))); // Ignore "group" accounts. They have no credentials. if (url == "http://group") {