fix(cli): validate productName in config, closes #5233 (#5262)

2026-04-05 10:13:00 +02:00 · 2022-09-28 16:44:14 +02:00
parent ae65951bc4
commit b9316a64ea
7 changed files with 576 additions and 127 deletions
--- a/.changes/cli-product-name-validation.md
+++ b/.changes/cli-product-name-validation.md
@@ -0,0 +1,7 @@
+---
+"cli.rs": "patch"
+"tauri-utils": "patch"
+---
+
+Validate `pacakge > productName` in the tauri config and produce errors if it contains one of the following characters `/\:*?\"<>|`
+
--- a/core/tauri-utils/src/config.rs
+++ b/core/tauri-utils/src/config.rs
@@ -2585,6 +2585,7 @@ impl<'d> serde::Deserialize<'d> for PackageVersion {
 pub struct PackageConfig {
  /// App name.
  #[serde(alias = "product-name")]
+  #[cfg_attr(feature = "schema", validate(regex(pattern = "^[^/\\:*?\"<>|]+$")))]
  pub product_name: Option<String>,
  /// App version. It is a semver version number or a path to a `package.json` file containing the `version` field.
  #[serde(deserialize_with = "version_deserializer", default)]
--- a/tooling/cli/Cargo.lock
+++ b/tooling/cli/Cargo.lock
--- a/tooling/cli/Cargo.toml
+++ b/tooling/cli/Cargo.toml
@@ -52,7 +52,7 @@ toml_edit = "0.14"
 json-patch = "0.2"
 tauri-utils = { version = "1.1.1", path = "../../core/tauri-utils", features = [ "isolation", "schema", "config-json5", "config-toml" ] }
 toml = "0.5"
-valico = "3.6"
+jsonschema = "0.16"
 handlebars = "4.3"
 include_dir = "0.7"
 minisign = "0.7"
--- a/tooling/cli/schema.json
+++ b/tooling/cli/schema.json
@@ -207,7 +207,8 @@
          "type": [
            "string",
            "null"
-          ]
+          ],
+          "pattern": "^[^/\\:*?\"<>|]+$"
        },
        "version": {
          "description": "App version. It is a semver version number or a path to a `package.json` file containing the `version` field.",
--- a/tooling/cli/src/helpers/config.rs
+++ b/tooling/cli/src/helpers/config.rs
@@ -135,28 +135,15 @@ fn get_internal(merge_config: Option<&str>, reload: bool) -> crate::Result<Confi
    || config_path.extension() == Some(OsStr::new("json5"))
  {
    let schema: JsonValue = serde_json::from_str(include_str!("../../schema.json"))?;
-    let mut scope = valico::json_schema::Scope::new();
-    let schema = scope.compile_and_return(schema, false).unwrap();
-    let state = schema.validate(&config);
-    if !state.errors.is_empty() {
-      for error in state.errors {
-        let path = error
-          .get_path()
-          .chars()
-          .skip(1)
-          .collect::<String>()
-          .replace('/', " > ");
+    let schema = jsonschema::JSONSchema::compile(&schema).unwrap();
+    let result = schema.validate(&config);
+    if let Err(errors) = result {
+      for error in errors {
+        let path = error.instance_path.clone().into_vec().join(" > ");
        if path.is_empty() {
-          eprintln!(
-            "`{config_file_name}` error: {}",
-            error.get_detail().unwrap_or_else(|| error.get_title()),
-          );
+          eprintln!("`{config_file_name}` error: {}", error);
        } else {
-          eprintln!(
-            "`{config_file_name}` error on `{}`: {}",
-            path,
-            error.get_detail().unwrap_or_else(|| error.get_title()),
-          );
+          eprintln!("`{config_file_name}` error on `{}`: {}", path, error);
        }
      }
      exit(1);
--- a/tooling/cli/src/interface/rust/desktop.rs
+++ b/tooling/cli/src/interface/rust/desktop.rs
@@ -344,6 +344,8 @@ fn rename_app(bin_path: &Path, product_name: Option<&str>) -> crate::Result<Path
      .join(&product_name)
      .with_extension(bin_path.extension().unwrap_or_default());

+    std::fs::create_dir_all(product_path.parent().unwrap())?;
+
    rename(&bin_path, &product_path).with_context(|| {
      format!(
        "failed to rename `{}` to `{}`",