From 4df52c5349a618f09432cf4bb374dc6e019f5ceb Mon Sep 17 00:00:00 2001
From: Evan Hahn <69474926+EvanHahn-Signal@users.noreply.github.com>
Date: Mon, 10 Aug 2020 15:13:06 -0500
Subject: [PATCH] Add 9 dangerous extensions and ignore trailing dot
---
 ts/test/util/isFileDangerous_test.ts | 14 ++++++++++++++
 ts/util/isFileDangerous.ts | 2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ts/test/util/isFileDangerous_test.ts b/ts/test/util/isFileDangerous_test.ts
index 3c6097e3cc..3a0259e250 100644
--- a/ts/test/util/isFileDangerous_test.ts
+++ b/ts/test/util/isFileDangerous_test.ts
@@ -18,6 +18,20 @@ describe('isFileDangerous', () => {
 assert.strictEqual(isFileDangerous('install.pif'), true);
 });

+ it('returns true for Microsoft settings files', () => {
+ assert.strictEqual(isFileDangerous('downl.SettingContent-ms'), true);
+ });
+
+ it('returns false for non-dangerous files that end in ".", which can happen on Windows', () => {
+ assert.strictEqual(isFileDangerous('dog.png.'), false);
+ assert.strictEqual(isFileDangerous('resume.docx.'), false);
+ });
+
+ it('returns true for dangerous files that end in ".", which can happen on Windows', () => {
+ assert.strictEqual(isFileDangerous('run.exe.'), true);
+ assert.strictEqual(isFileDangerous('install.pif.'), true);
+ });
+
 it('returns false for empty filename', () => {
 assert.strictEqual(isFileDangerous(''), false);
 });
diff --git a/ts/util/isFileDangerous.ts b/ts/util/isFileDangerous.ts
index 2d39baa1cd..50653c50c2 100644
--- a/ts/util/isFileDangerous.ts
+++ b/ts/util/isFileDangerous.ts
@@ -1,5 +1,5 @@
 // tslint:disable-next-line max-line-length
-const DANGEROUS_FILE_TYPES = /\.(ADE|ADP|APK|BAT|CHM|CMD|COM|CPL|DLL|DMG|EXE|HTA|INS|ISP|JAR|JS|JSE|LIB|LNK|MDE|MSC|MSI|MSP|MST|NSH|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH|CAB)$/i;
+const DANGEROUS_FILE_TYPES = /\.(ADE|ADP|APK|BAT|CAB|CHM|CMD|COM|CPL|DIAGCAB|DLL|DMG|EXE|HTA|INF|INS|ISP|JAR|JS|JSE|LIB|LNK|MDE|MHT|MSC|MSI|MSP|MST|NSH|PIF|PS1|PSC1|PSM1|PSRC|REG|SCR|SCT|SETTINGCONTENT-MS|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)\.?$/i;

 export function isFileDangerous(fileName: string): boolean {
 return DANGEROUS_FILE_TYPES.test(fileName);
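Review bot: The new `\.?$` tail on `DANGEROUS_FILE_TYPES` accepts exactly one trailing dot, but Windows filename normalization is documented to drop trailing spaces and repeated trailing dots too, so a name ending in `.exe..` or `.exe ` (constructed examples) would still be classified as safe. Ending the pattern with `[. ]*$` instead of `\.?$`, or trimming trailing dots and whitespace from `fileName` before calling `.test()`, would cover those forms. The test file in this patch covers only the single-dot case and only `.SettingContent-ms` of the nine added extensions, so an assertion per new entry plus the multi-dot and trailing-space cases would pin the intended behaviour. A one-line comment above the constant, such as `// Blocklist of extensions treated as executable; trailing dots are tolerated because Windows strips them`, would record why the suffix is there. The body of `isFileDangerous` continues past the end of this hunk.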