diff --git a/packages/app-desktop/bridge.ts b/packages/app-desktop/bridge.ts index a379de97c..3e01b1771 100644 --- a/packages/app-desktop/bridge.ts +++ b/packages/app-desktop/bridge.ts @@ -362,7 +362,7 @@ export class Bridge { if (await pathExists(fullPath)) { const fileExtension = extname(fullPath); const userAllowedExtension = this.extraAllowedOpenExtensions.includes(fileExtension); - if (userAllowedExtension || isSafeToOpen(fullPath)) { + if (userAllowedExtension || await isSafeToOpen(fullPath)) { return shell.openPath(fullPath); } else { const allowOpenId = 2; diff --git a/packages/app-desktop/utils/isSafeToOpen.test.ts b/packages/app-desktop/utils/isSafeToOpen.test.ts index 9439b451b..fa31489d1 100644 --- a/packages/app-desktop/utils/isSafeToOpen.test.ts +++ b/packages/app-desktop/utils/isSafeToOpen.test.ts @@ -1,10 +1,10 @@ import { remove, writeFile } from 'fs-extra'; import { createTempDir } from '@joplin/lib/testing/test-utils'; import { join } from 'path'; -import isUnsafeToOpen from './isSafeToOpen'; +import isSafeToOpen from './isSafeToOpen'; -describe('isUnsafeToOpen', () => { +describe('isSafeToOpen', () => { test.each([ { fileName: 'a.txt', expected: true }, { fileName: 'a.json', expected: true }, @@ -24,7 +24,7 @@ describe('isUnsafeToOpen', () => { try { const fullPath = join(tempDir, fileName); await writeFile(fullPath, 'test'); - expect(await isUnsafeToOpen(fullPath)).toBe(expected); + expect(await isSafeToOpen(fullPath)).toBe(expected); } finally { await remove(tempDir); } diff --git a/packages/app-desktop/utils/isSafeToOpen.ts b/packages/app-desktop/utils/isSafeToOpen.ts index b472b8f1b..2c3ebdcf8 100644 --- a/packages/app-desktop/utils/isSafeToOpen.ts +++ b/packages/app-desktop/utils/isSafeToOpen.ts 
@@ -1,6 +1,8 @@ +import { stat } from 'fs-extra'; +import { extname } from 'path'; -const isSafeToOpen = (path: string) => { +const isSafeToOpen = async (path: string) => { // This is intended to fix an issue where some platforms would execute attachment // files without confirmation depending on the file extension (e.g. .EXE). This is // mostly for Windows. @@ -173,6 +175,11 @@ const isSafeToOpen = (path: string) => { return true; } } + + if (extname(path) === '' && (await stat(path)).isDirectory()) { + return true; + } + return false; };
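Review bot: Changing the signature to `const isSafeToOpen = async (path: string) => {` means any call site that is not awaited now evaluates a Promise, which is always truthy, so the check passes for every file and the confirmation dialog is skipped. The bridge.ts hunk adds the `await` to `userAllowedExtension || await isSafeToOpen(fullPath)`, but other callers are not visible in this diff and should be searched for before merging. Writing the return type out, `const isSafeToOpen = async (path: string): Promise<boolean> => {`, documents the new contract at the declaration. Enabling `@typescript-eslint/no-misused-promises` for conditionals, if the project does not already, would catch a missed `await` at lint time instead of letting it fail open at runtime. The function body continues outside this hunk.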
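Review bot: The added `(await stat(path)).isDirectory()` branch makes this predicate reject instead of returning a boolean whenever `stat` fails, for example if the path is removed after the caller's `pathExists` check or is not readable. The error then propagates into the open handler in bridge.ts rather than taking the normal "not safe" branch, so it is better to catch it here and fall through to `return false`, which keeps the check fail-closed and non-throwing. A one-line comment should say why only extension-less directories are accepted (presumably so a directory whose name carries an extension still goes through the confirmation dialog; please confirm) and that `stat` follows symbolic links. No directory case is visible in the isSafeToOpen.test.ts hunks of this diff; one test for a plain directory and one for a directory with an extension would pin the intended behaviour. The start of the function is outside this hunk.

```typescript
	// … unchanged: checks against the allowed-extension list …

	// Allow directories that have no extension.
	if (extname(path) === '') {
		try {
			if ((await stat(path)).isDirectory()) return true;
		} catch {
			// stat failed (path vanished or is unreadable): treat as not safe to open.
		}
	}

	return false;
```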