app.name may not be filesafe #1258
Comments
This was referenced Oct 7, 2024
|
@Black-Platypus Thanks for the PRs, I'll try to review them over next couple days |
ayushmanchhabra
added a commit
that referenced
this issue
Oct 9, 2024
* This mitigates potential path traversal. Fixes: #1258 --------- Co-authored-by: Ayushman Chhabra <14110965+ayushmanchhabra@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Type
Current/Missing Behaviour
When using an app name that includes illegal characters for filenames, renaming nw.exe (etc) may fail or lead to unintended behavior (also maybe path traversal?)
Expected/Proposed Behaviour
The executable is renamed taking the above into account
Additional Info
Depending on whether the final executable path needs to be known after it was created or not, I think there should be a remedy either in the parsing stage or the renaming stage.
I would encourage getting everything prepared ahead of taking any action, so I'd like to suggest ideally having a theoretical stage where everything is prepared, or at least making sure the
app.nameis file safe in the parsing stage, to minimize issues arising from potential differences betweenapp.nameand the resulting executable name.The text was updated successfully, but these errors were encountered: