gapplication: Validate types of well-known platform data keys

The platform data comes from the parent process, which should normally
be considered trusted (if we don’t trust it, it can do all sorts of
other things to mess this process up, such as setting
`LD_LIBRARY_PATH`).

However, it can also come from any process which calls `CommandLine`
over D-Bus, so always has to be able to handle untrusted input. In
particular, `v`-typed `GVariant`s must always have their dynamic type
validated before having values of a static type retrieved from them.

Includes unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904

gio/tests/gapplication.c

@@ -1447,7 +1447,7 @@ static void
 test_dbus_command_line (void)
 {
   GTestDBus *bus = NULL;
-  GVariantBuilder builder;
+  GVariantBuilder builder, builder2;
   GDBusMessage *message = NULL;
   GPtrArray *messages = NULL;  /* (element-type GDBusMessage) (owned) */
   gsize i;
@@ -1472,6 +1472,46 @@ test_dbus_command_line (void)
                                                    &builder, NULL));
   g_ptr_array_add (messages, g_steal_pointer (&message));
 
+  /* With platform data */
+  g_variant_builder_init (&builder, G_VARIANT_TYPE ("aay"));
+  g_variant_builder_add (&builder, "^ay", "test-program");
+  g_variant_builder_add (&builder, "^ay", "--open");
+  g_variant_builder_add (&builder, "^ay", "/path/to/something");
+
+  g_variant_builder_init (&builder2, G_VARIANT_TYPE ("a{sv}"));
+  g_variant_builder_add (&builder2, "{sv}", "cwd", g_variant_new_bytestring ("/home"));
+  g_variant_builder_add_parsed (&builder2, "{'environ', <@aay [ b'HOME=/home/bloop', b'PATH=/blah']>}");
+  g_variant_builder_add_parsed (&builder2, "{'options', <{'a': <@u 32>, 'b': <'bloop'>}>}");
+
+  message = g_dbus_message_new_method_call ("org.gtk.TestApplication.CommandLine",
+                                            "/org/gtk/TestApplication/CommandLine",
+                                            "org.gtk.Application",
+                                            "CommandLine");
+  g_dbus_message_set_body (message, g_variant_new ("(oaaya{sv})",
+                                                   "/my/org/gtk/private/CommandLine",
+                                                   &builder, &builder2));
+  g_ptr_array_add (messages, g_steal_pointer (&message));
+
+  /* With invalid typed platform data */
+  g_variant_builder_init (&builder, G_VARIANT_TYPE ("aay"));
+  g_variant_builder_add (&builder, "^ay", "test-program");
+  g_variant_builder_add (&builder, "^ay", "--open");
+  g_variant_builder_add (&builder, "^ay", "/path/to/something");
+
+  g_variant_builder_init (&builder2, G_VARIANT_TYPE ("a{sv}"));
+  g_variant_builder_add (&builder2, "{sv}", "cwd", g_variant_new_string ("/home should be a bytestring"));
+  g_variant_builder_add_parsed (&builder2, "{'environ', <['HOME=should be a bytestring', 'PATH=this also']>}");
+  g_variant_builder_add_parsed (&builder2, "{'options', <['should be a', 'dict']>}");
+
+  message = g_dbus_message_new_method_call ("org.gtk.TestApplication.CommandLine",
+                                            "/org/gtk/TestApplication/CommandLine",
+                                            "org.gtk.Application",
+                                            "CommandLine");
+  g_dbus_message_set_body (message, g_variant_new ("(oaaya{sv})",
+                                                   "/my/org/gtk/private/CommandLine",
+                                                   &builder, &builder2));
+  g_ptr_array_add (messages, g_steal_pointer (&message));
+
   /* Try each message */
   bus = g_test_dbus_new (G_TEST_DBUS_NONE);
   g_test_dbus_up (bus);