Desktop: Security: Disallow UNC file links (#9979)

2025-07-16 00:14:34 +02:00 · 2024-02-22 13:29:16 -08:00
parent 4c5e708977
commit 836e23c082
8 changed files with 80 additions and 20 deletions
--- a/packages/utils/path.ts
+++ b/packages/utils/path.ts
@ -94,6 +94,13 @@ export function trimSlashes(path: string): string {
 	return ltrimSlashes(rtrimSlashes(path));
 }

+// UNC paths can point to network drives and thus can be dangerous to open
+// on some Windows devices.
+// See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/62e862f4-2a51-452e-8eeb-dc4ff5ee33cc
+export const isUncPath = (path: string, os: string|null = null) => {
+	return toSystemSlashes(path.trim(), os).startsWith('\\\\');
+};
+
 export function quotePath(path: string) {
 	if (!path) return '';
 	if (path.indexOf('"') < 0 && path.indexOf(' ') < 0) return path;