From 879f5be1c2ac249759eaee0199315229eb773763 Mon Sep 17 00:00:00 2001 From: Mohamed Marrouchi Date: Fri, 18 Oct 2024 18:02:23 +0100 Subject: [PATCH] fix: unit test + sanitize uploaded filename --- api/package-lock.json | 22 +++++++++++++++++++ api/package.json | 1 + api/src/channel/lib/Handler.ts | 2 -- api/src/chat/services/block.service.spec.ts | 3 --- .../channels/offline/base-web-channel.ts | 7 +++--- 5 files changed, 27 insertions(+), 8 deletions(-) diff --git a/api/package-lock.json b/api/package-lock.json index 54720c5..126fff0 100644 --- a/api/package-lock.json +++ b/api/package-lock.json @@ -51,6 +51,7 @@ "patch-package": "^8.0.0", "reflect-metadata": "^0.1.13", "rxjs": "^7.8.1", + "sanitize-filename": "^1.6.3", "slug": "^8.2.2", "ts-migrate-mongoose": "^3.8.4", "uuid": "^9.0.1" @@ -16980,6 +16981,14 @@ "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, + "node_modules/sanitize-filename": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/sanitize-filename/-/sanitize-filename-1.6.3.tgz", + "integrity": "sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==", + "dependencies": { + "truncate-utf8-bytes": "^1.0.0" + } + }, "node_modules/sax": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", @@ -18114,6 +18123,14 @@ "tree-kill": "cli.js" } }, + "node_modules/truncate-utf8-bytes": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz", + "integrity": "sha512-95Pu1QXQvruGEhv62XCMO3Mm90GscOCClvrIUwCM0PYOXK3kaF3l3sIHxx71ThJfcbM2O5Au6SO3AWCSEfW4mQ==", + "dependencies": { + "utf8-byte-length": "^1.0.1" + } + }, "node_modules/ts-api-utils": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.0.3.tgz", 
@@ -18657,6 +18674,11 @@ "punycode": "^2.1.0" } }, + "node_modules/utf8-byte-length": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/utf8-byte-length/-/utf8-byte-length-1.0.5.tgz", + "integrity": "sha512-Xn0w3MtiQ6zoz2vFyUVruaCL53O/DwUvkEeOvj+uulMm0BkUGYWmBYVyElqZaSLhY6ZD0ulfU3aBra2aVT4xfA==" + }, "node_modules/util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", diff --git a/api/package.json b/api/package.json index 39b2bbb..e3e0aac 100644 --- a/api/package.json +++ b/api/package.json @@ -72,6 +72,7 @@ "patch-package": "^8.0.0", "reflect-metadata": "^0.1.13", "rxjs": "^7.8.1", + "sanitize-filename": "^1.6.3", "slug": "^8.2.2", "ts-migrate-mongoose": "^3.8.4", "uuid": "^9.0.1" diff --git a/api/src/channel/lib/Handler.ts b/api/src/channel/lib/Handler.ts index 05ca8ad..c14c1b0 100644 --- a/api/src/channel/lib/Handler.ts +++ b/api/src/channel/lib/Handler.ts @@ -27,8 +27,6 @@ import { ChannelSetting } from '../types'; import EventWrapper from './EventWrapper'; -import EventWrapper from './EventWrapper'; - @Injectable() export default abstract class ChannelHandler { private readonly name: N; diff --git a/api/src/chat/services/block.service.spec.ts b/api/src/chat/services/block.service.spec.ts index a4824ce..72fae56 100644 --- a/api/src/chat/services/block.service.spec.ts +++ b/api/src/chat/services/block.service.spec.ts 
@@ -66,9 +66,6 @@ import { FileType } from '../schemas/types/attachment'; import { Context } from '../schemas/types/context'; import { PayloadType, StdOutgoingListMessage } from '../schemas/types/message'; import { SubscriberContext } from '../schemas/types/subscriberContext'; -import { CategoryRepository } from './../repositories/category.repository'; -import { BlockService } from './block.service'; -import { CategoryService } from './category.service'; import { CategoryRepository } from './../repositories/category.repository'; import { BlockService } from './block.service'; diff --git a/api/src/extensions/channels/offline/base-web-channel.ts b/api/src/extensions/channels/offline/base-web-channel.ts index 108879b..4c5a9c8 100644 --- a/api/src/extensions/channels/offline/base-web-channel.ts +++ b/api/src/extensions/channels/offline/base-web-channel.ts @@ -13,6 +13,7 @@ import { Injectable } from '@nestjs/common'; import { EventEmitter2, OnEvent } from '@nestjs/event-emitter'; import { Request, Response } from 'express'; import multer, { diskStorage } from 'multer'; +import sanitize from 'sanitize-filename'; import { Socket } from 'socket.io'; import { v4 as uuidv4 } from 'uuid'; @@ -684,9 +685,9 @@ export default class BaseWebChannelHandler< // Store file as attachment const dirPath = path.join(config.parameters.uploadDir); - const filename = `${req.session.offline.profile.id}_${+new Date()}_${ - upload.name - }`; + const filename = sanitize( + `${req.session.offline.profile.id}_${+new Date()}_${upload.name}`, + ); if ('isSocket' in req && req.isSocket) { // @TODO : test this try {
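Review bot: The new `filename` in the last hunk still builds the on-disk name from client-supplied `upload.name`. `sanitize()` strips path separators, control characters and reserved names, but it keeps whatever extension the client chose and truncates the whole string to 255 bytes, so a long name can lose its extension. If `uploadDir` is ever served back to browsers (not visible here), consider a server-generated name using the already-imported `uuidv4`, e.g. `sanitize([req.session.offline.profile.id, uuidv4()].join('_') + path.extname(upload.name))`, together with an extension allow-list, and keep the original name only as attachment metadata. Where `filename` is later joined with `dirPath` (outside this hunk), checking that the resolved path still starts with the resolved `dirPath` would be cheap defence in depth. The enclosing method and the multer branch lie outside the hunk, so confirm that branch also writes under this sanitized `filename` rather than the raw original name.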