pezkuwichain/pezkuwi-ui
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-ui.git synced 2026-06-11 23:11:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add key validation for FileStore (#830)

Browse Source
This commit is contained in:
Tarik Gul
2025-04-02 07:01:11 -07:00
committed by GitHub
parent 4dc82926f2
commit 1a6fde78fd
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/ui-keyring/src/stores/File.ts
+26
View File
@@ -19,6 +19,28 @@ export class FileStore implements KeyringStore {
this.#path = path;
}
private validateKey (key: string): boolean {
// Make sure the key has a .json extension
if (!key.endsWith('.json')) {
console.error('Non-JSON file requested: ', key);
return false;
}
// Remove '.json'
const keyWithoutExtension = key.slice(0, -5);
// Only allow alphanumeric characters, hyphens, and underscores in the base filename
const safeKeyRegex = /^[a-zA-Z0-9_-]+$/;
if (!safeKeyRegex.test(keyWithoutExtension)) {
console.error('Invalid key format detected: ', key);
return false;
}
return true;
}
public all (fn: (key: string, value: KeyringJson) => void): void {
fs
.readdirSync(this.#path)
@@ -51,6 +73,10 @@ export class FileStore implements KeyringStore {
}
private _getPath (key: string): string {
if (!this.validateKey(key)) {
throw new Error('Invalid key format');
}
return path.join(this.#path, key);
}