app.name may not be filesafe
Black-Platypus opened this issue · 2 comments
Issue Type
- Bug Report
- Feature Request
- Other
Current/Missing Behaviour
When using an app name that includes illegal characters for filenames, renaming nw.exe (etc) may fail or lead to unintended behavior (also maybe path traversal?)
Expected/Proposed Behaviour
The executable is renamed taking the above into account
Additional Info
- Package version: 4.11.3
- Operating System: Windows 10 x64
- Node version: v20.9.0, 22.7.0
- NW.js version: 0.92.0
Depending on whether the final executable path needs to be known after it was created or not, I think there should be a remedy either in the parsing stage or the renaming stage.
I would encourage getting everything prepared ahead of taking any action, so I'd like to suggest ideally having a theoretical stage where everything is prepared, or at least making sure the app.name
is file safe in the parsing stage, to minimize issues arising from potential differences between app.name
and the resulting executable name.
@Black-Platypus Thanks for the PRs, I'll try to review them over next couple days