self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-07-16 00:14:34 +02:00
Code Issues Releases Activity

Desktop: Security: Disallow UNC file links (#9979)

Browse Source
This commit is contained in:
Henry Heino
2024-02-22 13:29:16 -08:00
committed by GitHub
parent 4c5e708977
commit 836e23c082
8 changed files with 80 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
packages/utils/path.test.ts
View File

@ -1,4 +1,4 @@
import { extractExecutablePath, quotePath, toFileProtocolPath, unquotePath } from './path';
import { extractExecutablePath, isUncPath, quotePath, toFileProtocolPath, unquotePath } from './path';
describe('path', () => {
it('should quote and unquote paths', (async () => {
@ -55,4 +55,22 @@ describe('path', () => {
expect(toFileProtocolPath(t[0], 'linux')).toBe(t[1]);
}
}));
test.each([
['./a.txt', 'win32', false],
['./b.txt', 'win32', false],
['/home/foo/bar/baz', 'win32', false],
['./a.txt', 'posix', false],
['./b.txt', 'posix', false],
['/home/foo/bar/baz', 'posix', false],
['//LOCALHOST/', 'win32', true],
[' //LOCALHOST/', 'win32', true],
[' //example.com/a/b/c', 'win32', true],
['//LOCALHOST/', 'posix', false],
[' //example.com/a/b/c', 'posix', false],
['\\\\LOCALHOST/', 'win32', true],
])('should correctly detect UNC paths', (path, os, expected) => {
expect(isUncPath(path, os)).toBe(expected);
});
});