Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(util): strip special and control characters from app.name #1259

Merged

Conversation

Black-Platypus
Copy link
Contributor

@Black-Platypus Black-Platypus commented Oct 7, 2024

  • This mitigates potential path traversal.

Fixes: #1258

@Black-Platypus Black-Platypus mentioned this pull request Oct 7, 2024
3 tasks
@ayushmanchhabra ayushmanchhabra changed the title Make app.name filesafe in util.parse fix(util): strip special and control characters from app.name Oct 8, 2024
src/util.js Outdated Show resolved Hide resolved
@ayushmanchhabra ayushmanchhabra merged commit b035bc3 into nwutils:main Oct 9, 2024
3 checks passed
@Black-Platypus
Copy link
Contributor Author

Wow, amazing 🙌
I'm sorry, I saw the failed tests and noticed that my VS Code + ESLint setup was not seeing the eslint.config.js config for some reason and tried to figure out why it wasn't working, which had me side-track down a rabbit hole of my node/npm configs this morning, then I had an appointment that literally just ended 😅
I meant to get things working and conform things to the linter settings, but you got there before me. Thank you, and sorry for the extra work 😬

@Black-Platypus Black-Platypus deleted the Windows-Filesafe-app.name branch October 9, 2024 15:57
@ayushmanchhabra
Copy link
Collaborator

Wow, amazing 🙌 I'm sorry, I saw the failed tests and noticed that my VS Code + ESLint setup was not seeing the eslint.config.js config for some reason and tried to figure out why it wasn't working, which had me side-track down a rabbit hole of my node/npm configs this morning, then I had an appointment that literally just ended 😅 I meant to get things working and conform things to the linter settings, but you got there before me. Thank you, and sorry for the extra work 😬

All good, no problem!

ayushmanchhabra pushed a commit that referenced this pull request Oct 13, 2024
🤖 I have created a release *beep* *boop*
---


##
[4.11.4](v4.11.3...v4.11.4)
(2024-10-13)


### Bug Fixes

* **util:** strip special and control characters from app.name
([#1259](#1259))
([b035bc3](b035bc3))


### Chores

* **deps:** bump actions/checkout from 4.2.0 to 4.2.1 in
/.github/workflows in the gha group
([#1273](#1273))
([3165f2b](3165f2b))
* **deps:** bump the npm group across 1 directory with 7 updates
([#1275](#1275))
([5f26f21](5f26f21))
* **deps:** drop Dependabot support for v3 branch
([19cf479](19cf479))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

app.name may not be filesafe
2 participants