1
0
mirror of https://github.com/schollz/croc.git synced 2024-11-28 01:16:10 +03:00

escape filenames that have invisible characters while allowing other languages

Fixes #712
This commit is contained in:
Zack 2024-05-25 08:59:38 -07:00
parent dff34fa7fc
commit a2e71c7e1a
3 changed files with 24 additions and 12 deletions

View File

@ -1209,8 +1209,7 @@ func (c *Client) processMessageFileInfo(m message.Message) (done bool, err error
if strings.Contains(c.FilesToTransfer[i].FolderRemote, ".ssh") { if strings.Contains(c.FilesToTransfer[i].FolderRemote, ".ssh") {
return true, fmt.Errorf("invalid path detected: '%s'", fi.FolderRemote) return true, fmt.Errorf("invalid path detected: '%s'", fi.FolderRemote)
} }
// Issue #595 - disallow filenames with anything but 0-9a-zA-Z.-_. and / characters // Issue #595 - disallow filenames with invisible characters
if !utils.ValidFileName(path.Join(c.FilesToTransfer[i].FolderRemote, fi.Name)) { if !utils.ValidFileName(path.Join(c.FilesToTransfer[i].FolderRemote, fi.Name)) {
return true, fmt.Errorf("invalid filename detected: '%s'", fi.Name) return true, fmt.Errorf("invalid filename detected: '%s'", fi.Name)
} }

View File

@ -21,6 +21,7 @@ import (
"path/filepath" "path/filepath"
"strings" "strings"
"time" "time"
"unicode"
"github.com/cespare/xxhash" "github.com/cespare/xxhash"
"github.com/kalafut/imohash" "github.com/kalafut/imohash"
@ -485,16 +486,21 @@ func UnzipDirectory(destination string, source string) error {
} }
// ValidFileName checks if a filename is valid // ValidFileName checks if a filename is valid
// and returns true only if it all of the characters are either // by making sure it has no invisible characters
// 0-9, a-z, A-Z, ., _, -, space, or /
func ValidFileName(fname string) bool { func ValidFileName(fname string) bool {
for _, r := range fname { clean1 := strings.Map(func(r rune) rune {
if !((r >= '0' && r <= '9') || if unicode.IsGraphic(r) {
(r >= 'a' && r <= 'z') || return r
(r >= 'A' && r <= 'Z') ||
r == '.' || r == '_' || r == '-' || r == ' ' || r == '/') {
return false
} }
} return -1
return true }, fname)
clean2 := strings.Map(func(r rune) rune {
if unicode.IsPrint(r) {
return r
}
return -1
}, fname)
return (fname == clean1) && (fname == clean2)
} }

View File

@ -231,3 +231,10 @@ func TestFindOpenPorts(t *testing.T) {
func TestIsLocalIP(t *testing.T) { func TestIsLocalIP(t *testing.T) {
assert.True(t, IsLocalIP("192.168.0.14:9009")) assert.True(t, IsLocalIP("192.168.0.14:9009"))
} }
func TestValidFileName(t *testing.T) {
// contains regular characters
assert.True(t, ValidFileName("中文.csl"))
// contains invisible character
assert.False(t, ValidFileName("D中文.cslouglas"))
}