diff --git a/packages/bruno-electron/src/ipc/collection.js b/packages/bruno-electron/src/ipc/collection.js
index 30a891015..022ec9bc7 100644
--- a/packages/bruno-electron/src/ipc/collection.js
+++ b/packages/bruno-electron/src/ipc/collection.js
@@ -17,7 +17,8 @@ const {
 isWSLPath,
 normalizeWslPath,
 normalizeAndResolvePath,
- safeToRename
+ safeToRename,
+ isValidFilename
 } = require('../utils/filesystem');
 const { openCollectionDialog } = require('../app/collections');
 const { generateUidBasedOnHash, stringifyJson, safeParseJSON, safeStringifyJSON } = require('../utils/common');
@@ -201,7 +202,9 @@ const registerRendererEventHandlers = (mainWindow, watcher, lastOpenedCollection
 if (fs.existsSync(pathname)) {
 throw new Error(`path: ${pathname} already exists`);
 }
-
+ if (!isValidFilename(request.name)) {
+ throw new Error(`path: ${request.name}.bru is not a valid filename`);
+ }
 const content = jsonToBru(request);
 await writeFile(pathname, content);
 } catch (error) {
@@ -366,6 +369,10 @@ const registerRendererEventHandlers = (mainWindow, watcher, lastOpenedCollection
 throw new Error(`path: ${oldPath} is not a bru file`);
 }
+ if (!isValidFilename(newName)) {
+ throw new Error(`path: ${newName} is not a valid filename`);
+ }
+
 // update name in file and save new copy, then delete old copy
 const data = fs.readFileSync(oldPath, 'utf8');
 const jsonData = bruToJson(data);
diff --git a/packages/bruno-electron/src/utils/filesystem.js b/packages/bruno-electron/src/utils/filesystem.js
index 0263939ae..a066edefc 100644
--- a/packages/bruno-electron/src/utils/filesystem.js
+++ b/packages/bruno-electron/src/utils/filesystem.js
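Review bot: In the request-creation hunk of collection.js (`@@ -201,7 +202,9 @@`) the new guard validates `request.name`, but the file is written to `pathname`, and the `fs.existsSync(pathname)` probe runs before the name is checked. How `pathname` is built is outside this hunk; if it reaches the main process separately from `request.name`, validating the name does not constrain where `writeFile` lands. I would check the component that is actually written and do it first, e.g. `if (!isValidFilename(path.basename(pathname, '.bru'))) { ... }` ahead of the existence check (assuming `path` is already required in this file). The rename hunk has the same shape, since it checks `newName` while the destination path is computed outside that hunk. The enclosing handler starts and ends outside the hunk.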
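Review bot: In the rename hunk of collection.js (`@@ -366,6 +369,10 @@`) the `isValidFilename(newName)` guard sits after the `is not a bru file` check, so any earlier branch of this handler that returns before this point would not be covered by it. Those branches are not visible in the hunk; if folder renames go through the same handler, hoisting the check to the top of the handler would cover both cases. The two new error messages also differ: the creation path reports `${request.name}.bru` while this one reports `${newName}` without the extension, and one form should be used for both.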
@@ -160,6 +160,20 @@ const sanitizeDirectoryName = (name) => {
 return name.replace(/[<>:"/\\|?*\x00-\x1F]+/g, '-');
 };
+const isValidFilename = (fileName) => {
+ const inValidChars = /[\\/:*?"<>|]/;
+
+ if (!fileName || inValidChars.test(fileName)) {
+ return false;
+ }
+
+ if (fileName.endsWith(' ') || fileName.endsWith('.') || fileName.startsWith('.')) {
+ return false;
+ }
+
+ return true;
+};
+
 const safeToRename = (oldPath, newPath) => {
 try {
 // If the new path doesn't exist, it's safe to rename
@@ -204,5 +218,6 @@ module.exports = {
 searchForFiles,
 searchForBruFiles,
 sanitizeDirectoryName,
- safeToRename
+ safeToRename,
+ isValidFilename
 };
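Review bot: The `inValidChars` class in `isValidFilename` (filesystem.js, `@@ -160,6 +160,20 @@`) omits the control range `\x00-\x1F` that `sanitizeDirectoryName` directly above it rejects, so a name containing a NUL or a newline passes the new check. Both callers in collection.js appear to pass values received from the renderer, and a truthy non-string value would throw a TypeError at `fileName.endsWith` instead of returning false. Windows reserved device names such as `con` or `nul` are accepted as well, although the trailing-dot and trailing-space rules suggest Windows is in scope. I would add a type guard, extend the character class and reject reserved device names as below; `invalidChars` is also the conventional spelling for the local.

```javascript
const isValidFilename = (fileName) => {
  // control characters are rejected too, matching sanitizeDirectoryName
  const invalidChars = /[\\/:*?"<>|\x00-\x1F]/;
  // Windows device names are reserved with or without an extension
  const reservedNames = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i;

  if (typeof fileName !== 'string' || !fileName || invalidChars.test(fileName)) {
    return false;
  }

  if (reservedNames.test(fileName)) {
    return false;
  }

  // … unchanged: leading-dot and trailing-dot/space checks, return true …
};
```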