fix: unit test + sanitize uploaded filename

2024-11-24 04:53:41 +00:00 · 2024-10-18 18:02:23 +01:00 · 2024-10-18 18:02:23 +01:00 · 879f5be1c2
commit 879f5be1c2
parent 85cc85e4db
5 changed files with 27 additions and 8 deletions
--- a/api/package-lock.json
+++ b/api/package-lock.json
@ -51,6 +51,7 @@
        "patch-package": "^8.0.0",
        "reflect-metadata": "^0.1.13",
        "rxjs": "^7.8.1",
        "sanitize-filename": "^1.6.3",
        "slug": "^8.2.2",
        "ts-migrate-mongoose": "^3.8.4",
        "uuid": "^9.0.1"
@ -16980,6 +16981,14 @@
      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
    },
    "node_modules/sanitize-filename": {
      "version": "1.6.3",
      "resolved": "https://registry.npmjs.org/sanitize-filename/-/sanitize-filename-1.6.3.tgz",
      "integrity": "sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==",
      "dependencies": {
        "truncate-utf8-bytes": "^1.0.0"
      }
    },
    "node_modules/sax": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz",
@ -18114,6 +18123,14 @@
        "tree-kill": "cli.js"
      }
    },
    "node_modules/truncate-utf8-bytes": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz",
      "integrity": "sha512-95Pu1QXQvruGEhv62XCMO3Mm90GscOCClvrIUwCM0PYOXK3kaF3l3sIHxx71ThJfcbM2O5Au6SO3AWCSEfW4mQ==",
      "dependencies": {
        "utf8-byte-length": "^1.0.1"
      }
    },
    "node_modules/ts-api-utils": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.0.3.tgz",
@ -18657,6 +18674,11 @@
        "punycode": "^2.1.0"
      }
    },
    "node_modules/utf8-byte-length": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/utf8-byte-length/-/utf8-byte-length-1.0.5.tgz",
      "integrity": "sha512-Xn0w3MtiQ6zoz2vFyUVruaCL53O/DwUvkEeOvj+uulMm0BkUGYWmBYVyElqZaSLhY6ZD0ulfU3aBra2aVT4xfA=="
    },
    "node_modules/util-deprecate": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
--- a/api/package.json
+++ b/api/package.json
@ -72,6 +72,7 @@
    "patch-package": "^8.0.0",
    "reflect-metadata": "^0.1.13",
    "rxjs": "^7.8.1",
    "sanitize-filename": "^1.6.3",
    "slug": "^8.2.2",
    "ts-migrate-mongoose": "^3.8.4",
    "uuid": "^9.0.1"
--- a/api/src/channel/lib/Handler.ts
+++ b/api/src/channel/lib/Handler.ts
@ -27,8 +27,6 @@ import { ChannelSetting } from '../types';
 import EventWrapper from './EventWrapper';
 import EventWrapper from './EventWrapper';
@Injectable()
 export default abstract class ChannelHandler<N extends string = string> {
  private readonly name: N;
--- a/api/src/chat/services/block.service.spec.ts
+++ b/api/src/chat/services/block.service.spec.ts
@ -66,9 +66,6 @@ import { FileType } from '../schemas/types/attachment';
 import { Context } from '../schemas/types/context';
 import { PayloadType, StdOutgoingListMessage } from '../schemas/types/message';
 import { SubscriberContext } from '../schemas/types/subscriberContext';
 import { CategoryRepository } from './../repositories/category.repository';
 import { BlockService } from './block.service';
 import { CategoryService } from './category.service';
 import { CategoryRepository } from './../repositories/category.repository';
 import { BlockService } from './block.service';
--- a/api/src/extensions/channels/offline/base-web-channel.ts
+++ b/api/src/extensions/channels/offline/base-web-channel.ts
@ -13,6 +13,7 @@ import { Injectable } from '@nestjs/common';
 import { EventEmitter2, OnEvent } from '@nestjs/event-emitter';
 import { Request, Response } from 'express';
 import multer, { diskStorage } from 'multer';
 import sanitize from 'sanitize-filename';
 import { Socket } from 'socket.io';
 import { v4 as uuidv4 } from 'uuid';
@ -684,9 +685,9 @@ export default class BaseWebChannelHandler<
    // Store file as attachment
    const dirPath = path.join(config.parameters.uploadDir);
-    const filename = `${req.session.offline.profile.id}_${+new Date()}_${
+    const filename = sanitize(
-      upload.name
+      `${req.session.offline.profile.id}_${+new Date()}_${upload.name}`,
-    }`;
+    );
    if ('isSocket' in req && req.isSocket) {
      // @TODO : test this
      try {