Fix/invalid file name handling (#3274)

* feat: implement utility function `isValidFilename` * refactor: added filename validator checks for `rename-item` and `new-request` * chore: added `fileName.startsWith('.')`
2024-12-22 23:02:40 +01:00 · 2024-11-29 12:04:59 +05:30 · 2024-11-29 12:04:59 +05:30 · 707cddea90
commit 707cddea90
parent 39a44e9b4f
2 changed files with 25 additions and 3 deletions
--- a/packages/bruno-electron/src/ipc/collection.js
+++ b/packages/bruno-electron/src/ipc/collection.js
@ -17,7 +17,8 @@ const {
  isWSLPath,
  normalizeWslPath,
  normalizeAndResolvePath,
-  safeToRename
+  safeToRename,
+  isValidFilename
 } = require('../utils/filesystem');
 const { openCollectionDialog } = require('../app/collections');
 const { generateUidBasedOnHash, stringifyJson, safeParseJSON, safeStringifyJSON } = require('../utils/common');
@ -201,7 +202,9 @@ const registerRendererEventHandlers = (mainWindow, watcher, lastOpenedCollection
      if (fs.existsSync(pathname)) {
        throw new Error(`path: ${pathname} already exists`);
      }
-
+      if (!isValidFilename(request.name)) {
+        throw new Error(`path: ${request.name}.bru is not a valid filename`);
+      }
      const content = jsonToBru(request);
      await writeFile(pathname, content);
    } catch (error) {
@ -366,6 +369,10 @@ const registerRendererEventHandlers = (mainWindow, watcher, lastOpenedCollection
        throw new Error(`path: ${oldPath} is not a bru file`);
      }

+      if (!isValidFilename(newName)) {
+        throw new Error(`path: ${newName} is not a valid filename`);
+      }
+
      // update name in file and save new copy, then delete old copy
      const data = fs.readFileSync(oldPath, 'utf8');
      const jsonData = bruToJson(data);
--- a/packages/bruno-electron/src/utils/filesystem.js
+++ b/packages/bruno-electron/src/utils/filesystem.js
@ -160,6 +160,20 @@ const sanitizeDirectoryName = (name) => {
  return name.replace(/[<>:"/\\|?*\x00-\x1F]+/g, '-');
 };

+const isValidFilename = (fileName) => {
+  const inValidChars = /[\\/:*?"<>|]/;
+
+  if (!fileName || inValidChars.test(fileName)) {
+    return false;
+  }
+
+  if (fileName.endsWith(' ') || fileName.endsWith('.') || fileName.startsWith('.')) {
+    return false;
+  }
+
+  return true;
+};
+
 const safeToRename = (oldPath, newPath) => {
  try {
    // If the new path doesn't exist, it's safe to rename
@ -204,5 +218,6 @@ module.exports = {
  searchForFiles,
  searchForBruFiles,
  sanitizeDirectoryName,
-  safeToRename
+  safeToRename,
+  isValidFilename
 };