mirror of
https://github.com/signalapp/Signal-Desktop.git
synced 2026-07-06 21:35:42 +01:00
A few improvements for the save attachment workflow
Co-authored-by: Scott Nonnenberg <scott@signal.org>
This commit is contained in:
@@ -4121,7 +4121,13 @@ function saveAttachment(
|
||||
return async dispatch => {
|
||||
const { fileName = '' } = attachment;
|
||||
|
||||
const isDangerous = isFileDangerous(fileName);
|
||||
const isDangerous = isFileDangerous(
|
||||
fileName ||
|
||||
Attachment.getSuggestedFilename({
|
||||
attachment,
|
||||
scenario: 'saving-locally',
|
||||
})
|
||||
);
|
||||
|
||||
if (isDangerous) {
|
||||
dispatch({
|
||||
@@ -4186,7 +4192,13 @@ function saveAttachments(
|
||||
for (const attachment of attachments) {
|
||||
const { fileName = '' } = attachment;
|
||||
|
||||
const isDangerous = isFileDangerous(fileName);
|
||||
const isDangerous = isFileDangerous(
|
||||
fileName ||
|
||||
Attachment.getSuggestedFilename({
|
||||
attachment,
|
||||
scenario: 'saving-locally',
|
||||
})
|
||||
);
|
||||
if (isDangerous) {
|
||||
dispatch({
|
||||
type: SHOW_TOAST,
|
||||
|
||||
@@ -49,6 +49,13 @@ describe('isFileDangerous', () => {
|
||||
assert.strictEqual(isFileDangerous('install.pif\t\n\n\n '), true);
|
||||
});
|
||||
|
||||
it('returns true for dangerous files that end in combination of . and whitespace', () => {
|
||||
assert.strictEqual(isFileDangerous('run.exe . . .... '), true);
|
||||
assert.strictEqual(isFileDangerous('install.pif .'), true);
|
||||
assert.strictEqual(isFileDangerous('install.pif\t.\n . '), true);
|
||||
assert.strictEqual(isFileDangerous('install.pif\t\n.\n\n .. .'), true);
|
||||
});
|
||||
|
||||
it('returns false for empty filename', () => {
|
||||
assert.strictEqual(isFileDangerous(''), false);
|
||||
});
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
const DANGEROUS_FILE_TYPES =
|
||||
/\.(ADE|ADP|APK|BAT|CAB|CHM|CMD|COM|CPL|DIAGCAB|DLL|DMG|EXE|HTA|INF|INS|ISP|JAR|JS|JSE|LIB|LNK|MDE|MHT|MSC|MSI|MSP|MST|NSH|PIF|PS1|PSC1|PSM1|PSRC|REG|SCR|SCT|SETTINGCONTENT-MS|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)(\.|\s+)?$/i;
|
||||
/\.(ADE|ADP|APK|BAT|CAB|CHM|CMD|COM|CPL|DIAGCAB|DLL|DMG|EXE|HTA|INF|INS|ISP|JAR|JS|JSE|LIB|LNK|MDE|MHT|MSC|MSI|MSP|MST|NSH|PIF|PS1|PSC1|PSM1|PSRC|REG|SCR|SCT|SETTINGCONTENT-MS|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)(\.|\s)*?$/i;
|
||||
|
||||
export function isFileDangerous(fileName: string): boolean {
|
||||
return DANGEROUS_FILE_TYPES.test(fileName);
|
||||
|
||||
Reference in New Issue
Block a user