From 52bdd02a4b7b17e5821f96faa04d2c280d7e27c9 Mon Sep 17 00:00:00 2001
From: Alexis Svinartchouk
Date: Wed, 10 Jun 2020 14:48:44 +0200
Subject: [PATCH] Check that argument is an url or a regular file before opening

Changelog-entry: Check that argument is an url or a regular file before opening
Change-type: patch
---
 lib/gui/etcher.ts | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/lib/gui/etcher.ts b/lib/gui/etcher.ts
index 76cf50b5..afb7842a 100644
--- a/lib/gui/etcher.ts
+++ b/lib/gui/etcher.ts
@@ -17,6 +17,7 @@
 import { delay } from 'bluebird';
 import * as electron from 'electron';
 import { autoUpdater } from 'electron-updater';
+import { promises as fs } from 'fs';
 import { platform } from 'os';
 import * as _ from 'lodash';
 import * as path from 'path';
@@ -57,7 +58,17 @@ async function checkForUpdates(interval: number) {
 }
 }
 
-function getCommandLineURL(argv: string[]): string | undefined {
+async function isFile(filePath: string): Promise {
+ try {
+ const stat = await fs.stat(filePath);
+ return stat.isFile();
+ } catch {
+ // noop
+ }
+ return false;
+}
+
+async function getCommandLineURL(argv: string[]): Promise {
 argv = argv.slice(electron.app.isPackaged ? 1 : 2);
 if (argv.length) {
 const value = argv[argv.length - 1];
@@ -69,6 +80,14 @@ function getCommandLineURL(argv: string[]): string | undefined {
 if (platform() === 'darwin' && value.startsWith('-psn_')) {
 return;
 }
+ if (
+ !value.startsWith('http://') &&
+ !value.startsWith('https://') &&
+ !value.startsWith(scheme) &&
+ !(await isFile(value))
+ ) {
+ return;
+ }
 return value;
 }
 }
@@ -204,9 +223,9 @@ async function main(): Promise {
 window.restore();
 }
 window.focus();
- await selectImageURL(getCommandLineURL(argv));
+ await selectImageURL(await getCommandLineURL(argv));
 });
- await selectImageURL(getCommandLineURL(process.argv));
+ await selectImageURL(await getCommandLineURL(process.argv));
 }
 }
 
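Review bot: `isFile` has no comment stating its contract, and two details are easy to miss: `fs.stat` follows symbolic links, so a link that resolves to a regular file is accepted, and every stat failure (missing path, permission denied) is silently reported as `false`. A comment above the function such as `// Follows symlinks; any stat() error counts as "not a regular file".` would record that, and moving `return false;` into the `catch` block in place of `// noop` makes the fallback explicit. The answer is also only a snapshot taken before the path is opened elsewhere, so whatever consumes the return value of `getCommandLineURL` (its body continues outside this hunk) still has to handle a path that changed or disappeared after the check.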
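Review bot: The three `startsWith` tests in the added condition match on the prefix only, so a value like `http://` with no host, or any malformed string that merely begins with an accepted prefix, is still returned, while an upper-case `HTTPS://…` is rejected unless a file of that name exists. Parsing first, e.g. `const { protocol } = new URL(value);` inside a `try`, and comparing `protocol` against `'http:'`, `'https:'` and the application's own scheme would make the allow-list exact and case-insensitive, with anything that fails to parse still falling through to `isFile`. `scheme` is defined outside this hunk, so how it maps to a `protocol` string needs checking there. The early `return;` is also silent; a log line naming the rejected argument would help when a user reports that their image was ignored.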
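Review bot: In the first changed call `argv` comes from the callback's parameters rather than from `process.argv`, so a relative path in it is now passed to `fs.stat` inside `getCommandLineURL` and resolved against this process's working directory, not the directory the arguments were typed in. If this callback is Electron's `second-instance` handler (its registration is outside the hunk), the event also supplies the second instance's working directory as a third argument; resolving the value first with `path.resolve(workingDirectory, value)` would keep the regular-file check pointed at the file the user meant. As written, a relative path can be rejected, or validated against a different file of the same name in the primary instance's directory.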