u2a 3.3.1 → 3.4.1

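--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "u2a",
- "version": "3.3.1",
+ "version": "3.4.1",
  "description": "URL to App - Turn any URL into a desktop application",
  "main": "src/index.js",
  "bin": {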
@@ -1,12 +1,12 @@
1
1
  const fs = require('fs');
2
2
  const path = require('path');
3
- const { execSync } = require('child_process');
4
3
  const { normalizeUrl, getDomainName } = require('../utils/url');
5
4
  const { getFavicon, processFavicon } = require('../utils/favicon');
6
5
  const { APPS_DIR, readDB, writeDB } = require('../utils/config');
7
6
  const Logger = require('../utils/logger');
8
7
  const os = require('os');
9
8
  const { sanitizeInput } = require('../utils/sanitize');
9
+ const { secureExec } = require('../utils/securexec');
10
10
 
11
11
  const logger = new Logger('create');
12
12
 
@@ -38,7 +38,7 @@ function createWindowsShortcut(appInfo) {
38
38
  const tempScriptPath = path.join(os.tmpdir(), `create_shortcut_${appName}.ps1`);
39
39
  fs.writeFileSync(tempScriptPath, psScript);
40
40
 
41
- execSync(`powershell -ExecutionPolicy Bypass -File "${tempScriptPath}"`, {
41
+ secureExec(`powershell -ExecutionPolicy Bypass -File "${tempScriptPath}"`, {
42
42
  stdio: ['ignore', 'pipe', 'pipe'],
43
43
  windowsHide: true
44
44
  });
@@ -555,7 +555,7 @@ async function buildExecutable(appDir, appName, platform, iconPath, options) {
555
555
  windowsHide: true
556
556
  };
557
557
 
558
- execSync('npm install --save-dev electron-packager electron', installOptions);
558
+ secureExec('npm install --save-dev electron-packager electron', installOptions);
559
559
 
560
560
  let platformFlag = '';
561
561
  let archFlag = `--arch=${options.arch || 'x64'}`;
@@ -585,7 +585,7 @@ async function buildExecutable(appDir, appName, platform, iconPath, options) {
585
585
 
586
586
  logger.debug(`Executing: ${packageCommand}`);
587
587
 
588
- execSync(packageCommand, installOptions);
588
+ secureExec(packageCommand, installOptions);
589
589
 
590
590
  let distPlatform = '';
591
591
  switch(platform) {
@@ -631,7 +631,7 @@ async function buildSetup(appDir, platform, arch) {
631
631
  windowsHide: true
632
632
  };
633
633
 
634
- execSync('npm install --save-dev electron-builder', installOptions);
634
+ secureExec('npm install --save-dev electron-builder', installOptions);
635
635
 
636
636
  let builderArgs = '';
637
637
  switch(platform) {
@@ -654,7 +654,7 @@ async function buildSetup(appDir, platform, arch) {
654
654
 
655
655
  const builderCommand = `npx electron-builder ${builderArgs}`;
656
656
  logger.debug(`Executing: ${builderCommand}`);
657
- execSync(builderCommand, installOptions);
657
+ secureExec(builderCommand, installOptions);
658
658
 
659
659
  const installerPath = path.join(appDir, 'installer');
660
660
  if (fs.existsSync(installerPath)) {
@@ -712,7 +712,7 @@ async function createApp(url, options) {
712
712
  windowsHide: true
713
713
  };
714
714
 
715
- execSync('npm install --only=prod', installOptions);
715
+ secureExec('npm install --only=prod', installOptions);
716
716
  logger.debug(`npm install completed`);
717
717
 
718
718
  let executablePath = null;
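Review bot: In createWindowsShortcut the `-File` path can stop matching the script written two lines earlier, because `secureExec` replaces every character outside a fixed ASCII set with `_`. This happens whenever `os.tmpdir()` contains something like `~`, parentheses or a non-ASCII user name. The same rewriting applies to `packageCommand` and `builderCommand` in buildExecutable and buildSetup if they carry paths; most of their construction is outside the hunks. Passing the path as its own argument avoids both the quoting and the rewriting: `execFileSync('powershell', ['-ExecutionPolicy', 'Bypass', '-File', tempScriptPath], { stdio: ['ignore', 'pipe', 'pipe'], windowsHide: true });`. The file header for this section is missing from the page, and all of the enclosing functions start and end outside the hunks.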
@@ -1,7 +1,21 @@
1
+ const Logger = require('./logger');
2
+ const logger = new Logger('sanitize');
3
+
4
+
1
5
  function sanitizeInput(userInput) {
2
- return userInput.replace(/[^a-zA-Z0-9_-\s.]/g, '_');
6
+ const sInput = userInput.replace(/[^a-zA-Z0-9_\-.\s:/@%]/g, '_');
7
+ logger.debug(`Original content: ${userInput} | Sanitized content: ${sInput}`);
8
+ return sInput;
3
9
  }
4
10
 
11
+ function sanitizeCommand(command) {
12
+ const sCommand = command.replace(/[^\w\-.:/@\\ ="']/g, '_');
13
+ logger.debug(`Original content: ${command} | Sanitized content: ${sCommand}`);
14
+ return sCommand;
15
+ }
16
+
17
+
5
18
  module.exports = {
6
- sanitizeInput
19
+ sanitizeInput,
20
+ sanitizeCommand
7
21
  }
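Review bot: `sanitizeInput` now lets `:`, `/`, `@` and `%` through so that URLs survive, but the command module above also imports it (`require('../utils/sanitize')`). If it is still applied to values that become file or directory names, path separators such as `/` are no longer replaced; those call sites are not in the hunks. Splitting it into a URL helper and a file-name helper that keeps the stricter set would keep both uses safe. The two new `logger.debug` lines also write the raw input and the full command to the log, which can include credentials embedded in a URL (`user:pass@host`), so consider logging only whether anything was replaced.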
@@ -0,0 +1,13 @@
1
+ const { execSync } = require('child_process');
2
+ const { sanitizeCommand } = require('./sanitize');
3
+
4
+ function secureExec(command, options = {}) {
5
+ const sanitizedCommand = sanitizeCommand(command);
6
+ const result = execSync(sanitizedCommand, options);
7
+
8
+ return result;
9
+ }
10
+
11
+ module.exports = {
12
+ secureExec
13
+ }
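Review bot: `secureExec` still hands one string to `execSync`, which runs it through a shell, and the allowlist in `sanitizeCommand` keeps spaces, both quote characters, `=` and `-`. A value interpolated into the command can therefore still end its own quoting and contribute extra arguments, because filtering the assembled string cannot tell command structure from data. The wrapper also rewrites silently, so a command containing a disallowed character runs in altered form instead of being refused. I would fail closed with `if (sanitizedCommand !== command) throw new Error('command contains characters outside the allowed set');`, and longer term accept a program plus an argument array and call `execFileSync`. A short comment above the function stating what it does and does not guarantee would help, since the name promises more than a character filter.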
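--- a/package/src/utils/url.js
+++ b/package/src/utils/url.js
@@ -1,4 +1,5 @@
  const axios = require('axios');
+ const { sanitizeInput } = require('./sanitize');
 
  async function normalizeUrl(url) {
  if (!url.startsWith('http://') && !url.startsWith('https://')) {
@@ -9,7 +10,7 @@ async function normalizeUrl(url) {
  url = 'http://' + url;
  }
  }
- return url;
+ return sanitizeInput(url);
  }
 
  function getDomainName(url) {
@@ -17,7 +18,7 @@ function getDomainName(url) {
  const { hostname } = new URL(url);
  return hostname.replace(/^www\./, '');
  } catch (error) {
- return url;
+ return sanitizeInput(url);
  }
  }
 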
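Review bot: `normalizeUrl` now returns `sanitizeInput(url)`, and the allowlist in the sanitize module has no `?`, `&`, `=`, `#` or `+`, so a URL with a query string or fragment comes back with those characters turned into `_` and points at a different resource. Character replacement also does not guarantee a well-formed http(s) URL. Parsing and re-serialising is a tighter check: `const parsed = new URL(url); if (!['http:', 'https:'].includes(parsed.protocol)) throw new Error('unsupported URL scheme'); return parsed.href;`. The catch branch of `getDomainName` has the same issue. The middle of `normalizeUrl` lies between the hunks and is not shown.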