Removing sanisation, instead just using it as a central path system.

packages/server/src/api/controllers/apikeys.js

@@ -1,5 +1,5 @@
 const fs = require("fs")
-const { join } = require("../../utilities/sanitisedPath")
+const { join } = require("../../utilities/centralPath")
 const readline = require("readline")
 const { budibaseAppsDir } = require("../../utilities/budibaseDir")
 const ENV_FILE_PATH = "/.env"

packages/server/src/api/controllers/application.js

@@ -8,7 +8,7 @@ const { budibaseAppsDir } = require("../../utilities/budibaseDir")
 const sqrl = require("squirrelly")
 const setBuilderToken = require("../../utilities/builder/setBuilderToken")
 const fs = require("fs-extra")
-const { join, resolve } = require("../../utilities/sanitisedPath")
+const { join, resolve } = require("../../utilities/centralPath")
 const { promisify } = require("util")
 const chmodr = require("chmodr")
 const { generateAppID, getAppParams } = require("../../db/utils")

packages/server/src/api/controllers/component.js

@@ -1,6 +1,6 @@
 const CouchDB = require("../../db")
 const ClientDb = require("../../db/clientDb")
-const { resolve, join } = require("../../utilities/sanitisedPath")
+const { resolve, join } = require("../../utilities/centralPath")
 const {
   budibaseTempDir,
   budibaseAppsDir,

packages/server/src/api/controllers/deploy/aws.js

@@ -1,5 +1,5 @@
 const fs = require("fs")
-const { join } = require("../../../utilities/sanitisedPath")
+const { join } = require("../../../utilities/centralPath")
 const AWS = require("aws-sdk")
 const fetch = require("node-fetch")
 const { budibaseAppsDir } = require("../../../utilities/budibaseDir")

packages/server/src/api/controllers/instance.js

@@ -3,7 +3,7 @@ const CouchDB = require("../../db")
 const client = require("../../db/clientDb")
 const newid = require("../../db/newid")
 const { createLinkView } = require("../../db/linkedRecords")
-const { join } = require("../../utilities/sanitisedPath")
+const { join } = require("../../utilities/centralPath")
 const { downloadTemplate } = require("../../utilities/templates")
 
 exports.create = async function(ctx) {

packages/server/src/api/controllers/static.js

@@ -1,5 +1,5 @@
 const send = require("koa-send")
-const { resolve, join } = require("../../utilities/sanitisedPath")
+const { resolve, join } = require("../../utilities/centralPath")
 const jwt = require("jsonwebtoken")
 const fetch = require("node-fetch")
 const fs = require("fs-extra")

packages/server/src/api/controllers/view/index.js

@@ -1,7 +1,7 @@
 const CouchDB = require("../../../db")
 const viewTemplate = require("./viewBuilder")
 const fs = require("fs")
-const { join } = require("../../../utilities/sanitisedPath")
+const { join } = require("../../../utilities/centralPath")
 const os = require("os")
 const exporters = require("./exporters")
 const { fetchView } = require("../record")

packages/server/src/automations/actions.js

@@ -6,7 +6,7 @@ const createUser = require("./steps/createUser")
 const environment = require("../environment")
 const download = require("download")
 const fetch = require("node-fetch")
-const { join } = require("../utilities/sanitisedPath")
+const { join } = require("../utilities/centralPath")
 const os = require("os")
 const fs = require("fs")
 const Sentry = require("@sentry/node")

packages/server/src/db/client.js

@@ -2,7 +2,6 @@ const PouchDB = require("pouchdb")
 const replicationStream = require("pouchdb-replication-stream")
 const allDbs = require("pouchdb-all-dbs")
 const { budibaseAppsDir } = require("../utilities/budibaseDir")
-const { sanitise } = require("../utilities/sanitisedPath")
 const env = require("../environment")
 
 const COUCH_DB_URL = env.COUCH_DB_URL || `leveldb://${budibaseAppsDir()}/.data/`
@@ -27,10 +26,4 @@ const Pouch = PouchDB.defaults(POUCH_DB_DEFAULTS)
 
 allDbs(Pouch)
 
-function PouchWrapper(instance) {
-  Pouch.apply(this, [sanitise(instance)])
-}
-
-PouchWrapper.prototype = Object.create(Pouch.prototype)
-
-module.exports = PouchWrapper
+module.exports = Pouch

packages/server/src/electron.js

@@ -1,5 +1,5 @@
 const { app, BrowserWindow, shell, dialog } = require("electron")
-const { join } = require("./utilities/sanitisedPath")
+const { join } = require("./utilities/centralPath")
 const isDev = require("electron-is-dev")
 const { autoUpdater } = require("electron-updater")
 const unhandled = require("electron-unhandled")

packages/server/src/index.js

@@ -1,4 +1,4 @@
-const { resolve, join } = require("./utilities/sanitisedPath")
+const { resolve, join } = require("./utilities/centralPath")
 const { homedir } = require("os")
 const { app } = require("electron")
 const fixPath = require("fix-path")

packages/server/src/utilities/budibaseDir.js

@@ -1,4 +1,4 @@
-const { join } = require("./sanitisedPath")
+const { join } = require("./centralPath")
 const { homedir, tmpdir } = require("os")
 const env = require("../environment")
 

packages/server/src/utilities/builder/buildPage.js

@@ -6,7 +6,7 @@ const {
   readFile,
   writeJSON,
 } = require("fs-extra")
-const { join, resolve } = require("../sanitisedPath")
+const { join, resolve } = require("../centralPath")
 const sqrl = require("squirrelly")
 const { convertCssToFiles } = require("./convertCssToFiles")
 const publicPath = require("./publicPath")

packages/server/src/utilities/builder/convertCssToFiles.js

@@ -1,6 +1,6 @@
 const crypto = require("crypto")
 const { ensureDir, emptyDir, writeFile } = require("fs-extra")
-const { join } = require("../sanitisedPath")
+const { join } = require("../centralPath")
 
 module.exports.convertCssToFiles = async (publicPagePath, pkg) => {
   const cssDir = join(publicPagePath, "css")

packages/server/src/utilities/builder/getPages.js

@@ -1,5 +1,5 @@
 const { readJSON, readdir } = require("fs-extra")
-const { join } = require("../sanitisedPath")
+const { join } = require("../centralPath")
 
 module.exports = async appPath => {
   const pages = {}

packages/server/src/utilities/builder/index.js

@@ -8,7 +8,7 @@ const {
   unlink,
   rmdir,
 } = require("fs-extra")
-const { join, resolve } = require("../sanitisedPath")
+const { join, resolve } = require("../centralPath")
 const { dirname } = require("path")
 const env = require("../../environment")
 

packages/server/src/utilities/builder/listScreens.js

@@ -1,6 +1,6 @@
 const { appPackageFolder } = require("../createAppPackage")
 const { readJSON, readdir, stat } = require("fs-extra")
-const { join } = require("../sanitisedPath")
+const { join } = require("../centralPath")
 const { keyBy } = require("lodash/fp")
 
 module.exports = async (config, appname, pagename) => {

packages/server/src/utilities/builder/publicPath.js

@@ -1,3 +1,3 @@
-const { join } = require("../sanitisedPath")
+const { join } = require("../centralPath")
 
 module.exports = (appPath, pageName) => join(appPath, "public", pageName)

packages/server/src/utilities/centralPath.js

@@ -0,0 +1,22 @@
+const path = require("path")
+
+// this simply runs all of our path join and resolve functions through
+// a central location incase we need to add some protection to file paths
+
+/**
+ * Exactly the same as path.join
+ * @param args Any number of string arguments to add to a path
+ * @returns {string} The final path ready to use
+ */
+exports.join = function(...args) {
+  return path.join(...args)
+}
+
+/**
+ * Exactly the same as path.resolve
+ * @param args Any number of string arguments to add to a path
+ * @returns {string} The final path ready to use
+ */
+exports.resolve = function(...args) {
+  return path.resolve(...args)
+}

packages/server/src/utilities/createAppPackage.js

@@ -1,4 +1,4 @@
-const { resolve } = require("./sanitisedPath")
+const { resolve } = require("./centralPath")
 const { cwd } = require("process")
 const stream = require("stream")
 const fetch = require("node-fetch")

packages/server/src/utilities/initialiseBudibase.js

@@ -1,5 +1,5 @@
 const { exists, readFile, writeFile, ensureDir } = require("fs-extra")
-const { join, resolve } = require("./sanitisedPath")
+const { join, resolve } = require("./centralPath")
 const Sqrl = require("squirrelly")
 const uuid = require("uuid")
 

packages/server/src/utilities/sanitisedPath.js

@@ -1,50 +0,0 @@
-const path = require("path")
-
-const regex = new RegExp(/:(?![\\/])/g)
-// set a limit on path depth, just incase recursion is occurring
-const MAX_ARGS = 50
-
-function sanitiseArgs(args) {
-  let sanitised = []
-  let count = 0
-  for (let arg of args) {
-    // if a known string is found don't continue, can't operate on it
-    if (typeof arg !== "string") {
-      throw "Sanitisation of paths can only occur on strings"
-    }
-    // maximum number of path args have been iterated on
-    if (count > MAX_ARGS) {
-      break
-    }
-    sanitised.push(arg.replace(regex, ""))
-    count++
-  }
-  return sanitised
-}
-
-/**
- * Exactly the same as path.join but creates a sanitised path.
- * @param args Any number of string arguments to add to a path
- * @returns {string} The final path ready to use
- */
-exports.join = function(...args) {
-  return path.join(...sanitiseArgs(args))
-}
-
-/**
- * Exactly the same as path.resolve but creates a sanitised path.
- * @param args Any number of string arguments to add to a path
- * @returns {string} The final path ready to use
- */
-exports.resolve = function(...args) {
-  return path.resolve(...sanitiseArgs(args))
-}
-
-/**
- * Sanitise a single string
- * @param string input string to sanitise
- * @returns {string} the final sanitised string
- */
-exports.sanitise = function(string) {
-  return sanitiseArgs([string])[0]
-}

packages/server/src/utilities/templates.js

@@ -1,5 +1,5 @@
 const fs = require("fs-extra")
-const { join } = require("./sanitisedPath")
+const { join } = require("./centralPath")
 const os = require("os")
 const fetch = require("node-fetch")
 const stream = require("stream")