Ensure file names are valid before saving #85
Conversation
I don't know that I have one that will; I'll try to find one though |
Trenly
force-pushed
the
SafeFileDownloads
branch
from
8bc5b42 to
79fc1e9
Compare
I was able to find one that caused an error - https://static.getaether.net/Releases/Aether-2.0.0-dev.15/2011262249.19338c93/win/Aether-Setup-2.0.0-dev.15%2B2011262249.19338c93.exe Should be fixed with the latest push |
|
Uh oh; Looks like it doesn't like any sourceforge url's I'll have to look into that |
|
Can't we simply rename as {PackageIdentifier}.{PackageVersion}.{extension} Reference: microsoft#29454 (comment) |
Technically, yes, but then that operates under the assumption that we can actually get the extension from the URL, which may not always be possible. By downloading the binary without saving it, we can see if the web server has specified the file name. If the name is specified, we should use that name. If we didn’t use that name, all of the automatic architecture checking would never happen or it would need to be reworked. If the name isn’t specified, or the name the server provided isn’t valid, that is when we should fall back to the PackageIdentifier.PackageVersion.extension. However, even with that fallback, we can’t guarantee that a file extension was provided. We can try getting it from the provided file name, but it might not exist there. So, we can try getting it from the URL; if that doesn’t work, then we have to use our own extension. We could technically not have an extension, but having a last case extension makes it so users can better understand what the files in their temp directory are if they choose to save them |
|
Off-topic, is Moniker unknown? |
No idea what causes that; It doesn’t seem to have any issues in the validation pipeline, and I can’t figure out any way to reliably replicate it |
|
Moniker is only valid in files that are of ManifestType |
Makes sense! I’ll update the logic to remove moniker when manifest type is locale |
|
I guess you should lower the limit of the message. (8 to 128 characters would be fine, I think 🤔) |
@jedieaston what do you think? I personally think that things like |
|
240 characters (a tweet) should be enough? I think if you're going to make it as low as 128 characters, you should pop the link up to them to go and edit it ( Explaining why is important, at least to me (I usually assume Levvie or Esco or y'all know what you're doing, but if someone that doesn't contribute that often wants to nuke an entire ID, they should at least explain in the PR if not open an issue about it). |
I've actually brought this up earlier, the Locale Schema does actually not say that Moniker is a invalid variable However
I think |
The REST schema does, maybe the JSON schema does not? I wrote a implementation at one point of most of the REST documentation and that was one of the things that surprised me. |
What is REST? And where is it? @Trenly needs to add support for defaultLocale tho, i think he used Locale because there was no difference between defaultLocale and Locale |
|
Here's the REST schema, used for defining what a REST source's parameters/responses are (It's a OpenAPI document). I don't know why it's not in the winget-cli repo. Line 1144 in that file shows that defaultLocale extends Locale, adding a single field, I don't think that we should really be referencing this over the JSON schemas, but I think that since JSON schemas don't typically define a strict set of the only keys that can exist (while OpenAPI docs do), it will be difficult to automatically validate using just the JSON schema. |
|
@vedantmgoyal2009 I've updated the minimum length |
Have you ever created an issue for this? I'd like to look at the discussions surrounding it. If possible, I think we should try and get the JSON schema updated |
|
I don’t know if there’s an issue, but it looks like additionalProperties needs to be set to false for the JSON Schema to enforce random keys not being there. |
I know that, but what if someone has reason to add keys that aren't in the schema? If I'm not mistaken, Esco specifically said these keys should be kept - microsoft#21204 (review) |
|
They shouldn’t IMO, given they can’t be used in the client. I think those fields were added in v1.1, but if they are only in 1.1 then they shouldn’t be used in 1.0. @OfficialEsco I don’t understand the reasoning behind adding those fields, can you explain? |
|
I only work with fields that are in the current JSON Schema, all our fields are in the Schema. If they don't work in the current client but is in the Schema and the bot approved them then that is not our problem, the client will get support for it and those fields will be filled. |
|
Lets leave that discussion for a separate issue; My main concern with this PR is to ensure the files download successfully |
* Ensure file names are valid before saving * Fix: Catch when content disposition doesn't exist * Fix UserAgent not following redirects * Additional Web Request Parameters * Fix: Min descriptor length + Agent
* Install powershell-yaml * Enforce ordering of keys * Create function for adding list parameters * Write Version Manifest using Yaml Parser * Add To-Do Section * Rebase on master and cleanup commit history * Revert inadvertent changes from testing * Implement logic for installers using YAML parser * Fix statement in incorrect position * Remove RAW writing * Begin reading MultiManifests using Yaml parser * Cleanup unneeded variables * Bump Version * Read parameters from singletons * Add Product Code * Abstract ReadInstallerManifest to sub-function * Fix: Handle uninitialized variables * Merge New/Update, add EditMetadata * Fix: Change EditMetadata to work on singleton manifests * Fix: Update Git commit messages for accuracy * Remove Empty Manifest Folders * Fix: Correct text * Fix: Remove code for testing * Feature: If old manifests exist, update in place to preserve extra keys * Fix: Null Error when creating new * Fix: Cast only when installer code * Fix: Respect installer locale * Fix: Use UTF8 Encoding * Sort Yaml Keys * Git error handling * Fixed Moniker prompt for NewLocale * minItems, maxItems, pattern, variable fix * Implemented minItems from Schema * Implemented maxItems from Schema * Implemented pattern from Schema * Implemented available Architecture's from Schema * Implemented available InstallerType's from Schema * Added $script: to some variables which needs to stay throughout the script Only tested with one manifest as of now Cleanup If/Else logic & Rebase on master * Update method of getting Product Code from installer * SignatureSha256 and PackageFamilyName (#5) * More CommitTypes * Fill in PR Parameters microsoft#21940 (#4) * Detect PackageFamilyName for MSIX/APPX (#8) * Update YamlCreate.ps1 * Update YamlCreate.ps1 * Exclude .validation (#9) * Exclude .validation * Added exclude to ExistingVersions Co-authored-by: Levvie - she/her <[email protected]> * Add new line for PackageFamilyName (#10) * Standardize Keypress Menus (#11) * Standardize Keypress Menus * Fix: Use variable instead of pipeline * Fix Help Texts & Spacing * Cleanup Git Messages * Filter by Yaml * Remove debugging line Co-authored-by: Esco <[email protected]> Co-authored-by: Kaleb Luedtke <[email protected]> Co-authored-by: Esco <[email protected]> * Replaced PrBodyContentReply `n with array (#12) * Menu reduction (#13) * Simplify Code + Make Issues Entry Safer * Check issue validity * Fix unintended Revert Co-authored-by: Esco <[email protected]> * Fix unintended Revert Co-authored-by: Esco <[email protected]> * Fix unintended Revert Co-authored-by: Esco <[email protected]> Co-authored-by: Esco <[email protected]> * More patterns (#15) Added pattern for * PackageIdentifier * PackageVersion * PackageFamilyName * PackageLocale * Readability (#16) * Add Comparison Functions for Readability * Simplify Validation Function * Fix: Missing text * Remove spaces from split function * Fix: Resolve renamed variable * Validate Installer Modes * Validate File Extensions with Pattern and Length * Add Custom Error Class (#18) * Create function for adding list parameters * Remove RAW writing * Remove Empty Manifest Folders * minItems, maxItems, pattern, variable fix * Implemented minItems from Schema * Implemented maxItems from Schema * Implemented pattern from Schema * Implemented available Architecture's from Schema * Implemented available InstallerType's from Schema * Added $script: to some variables which needs to stay throughout the script * Add Custom Error Class * Cleanup Class Constructor * Additional error messages + cleanup * Continue adding error messages * Switched Local formatter to OTBS + Static Strings (Where applicable) * Fix Spacing * Remove unused variables from rebase Co-authored-by: Esco <[email protected]> * Fix: Check for package before do-until * Finish Locale Errors * Fix Spacing Issues * Make Enums Case Sensitive * Fix Unique Items + Incorrect Variables Co-authored-by: Esco <[email protected]> * Subfolder fix (#21) * Fix: Subfolder Exists Erroring * Return * Write Unused Keys as Comments (#22) * Write Unused Keys as Comments * Exclude certain keys from appearing as comments * Comment only Locale + Version * Quick Update, Function Reduction, Detect Installer Types, Detect Installer Architectures, and Comments (#27) * Update YamlCreate.ps1 * auto-detect installer architecture * Fix #27 (comment) * Fix auto-detection * Apply suggestions from code review Co-authored-by: Kaleb Luedtke <[email protected]> * Move Test + Submit to main * Update Tools/YamlCreate.ps1 * fix quick-update check * Reduce input required for quick version update (#4) * Reduce input required for quick version update * Fix Product Code * Don't add null product code if no product code key exists * improve quick update * Move prompt outside of Read-Info for clarity * Move Update Prompt outside of Read-Info for clarity * Update Messages * if there are any errors due to this commit, i will revert changes * Add Comments for code clarity Co-authored-by: Kaleb Luedtke <[email protected]> * Fix error from when functions were moved * Handle Manifest Level Parameters (#34) * Begin Handling Manifest Level Parameters * Fix InstallModes * Add delete manifest functionality (#39) * Add functionality to manually delete manifests * Add settings file and script documentation (#38) * Do not default installer locale * Add a script settings file with documentation * Add setting to suppress quick update warning * Remove accidental file inclusion * Fix: Update SignatureSha256 in quick update mode (#41) * Change Settings to allow for negative suppression (#46) * Change Settings to allow for negative suppression * Fix sample settings file * Invalid SandboxTest variable Co-authored-by: Vedant Mohan Goyal <[email protected]> Co-authored-by: Kaleb Luedtke <[email protected]> Co-authored-by: Esco <[email protected]> Co-authored-by: Vedant Mohan Goyal <[email protected]> * Cleaner references to linked issues (#49) * Command Line Arguments (#50) * Add switch for settings * Allow PackageIdentifier and PackageVersion to be passed as optional parameters * Add -help switch and documentation * Settings File Location * Fix spacing issue [#49] #51 Co-authored-by: Kaleb Luedtke <[email protected]> Co-authored-by: Vedant Mohan Goyal <[email protected]> * Fix Parameter Reading and Condensing(#54) * Fix: Allow InstallerSwitch keys to be split between installer level and manifest level on a per-key basis * Fix: Save parameters to variables before removing them from manifest level * Fix: Sandboxtest not working * Fix: Prompt for PFN if file does not exist (#55) * Auto Mode (#58) * Auto Mode * Fix for same version * Keep ProductCodes for .exe files * Keep ProductCodes for .exe files in Option-2 * Simplify function names, add debug info (#62) * Fix: Allow autoupdate to update old package versions (#66) * Make Simple Update automatically detect Sha256, SignatureSha256, and ProductCode without prompts (#61) * Make Simple Update automatically detect Sha256, SignatureSha256, and ProductCode without prompts * Add Parameter Mode (#64) * Add Parameter Mode * Update YamlCreate.ps1 * Update YamlCreate.md Co-authored-by: Vedant Mohan Goyal <[email protected]> * Use Unique Branch Names (#67) * Use Unique Branch Names * Process Branch Names Safely * Fix: Allow values other than en-US for default locale (#70) * Made it so git config was only modified for the local repo. (#72) * Only modify git config for local repo. * Fixed 2214. * Support for settings on Linux and macOS (#73) * Support for settings on Linux and macOS * Easton's suggestion * Update YamlCreate.md * Update Tools/YamlCreate.ps1 Co-authored-by: Kaleb Luedtke <[email protected]> * Update YamlCreate.ps1 Co-authored-by: Kaleb Luedtke <[email protected]> * Check for open PR's before submitting (#69) * Check for open PR's before submitting * Rebase on c82b39f * Use API instead of CLI * Exit when user-choice to terminate Co-authored-by: Vedant Mohan Goyal <[email protected]> Co-authored-by: Vedant Mohan Goyal <[email protected]> * Throw when script error (#74) * Fix: Add locale when converting from singleton (#75) * Fix: Branch names when deleting (#79) * Fix: Don't check for PRs on deletion (#80) * Update PR Content when removing a manifest (#82) * Update PR Content when removing a manifest * More realistic character count limits * Add is:pr to exclude issues from results (#88) * Ensure file names are valid before saving (#85) * Ensure file names are valid before saving * Fix: Catch when content disposition doesn't exist * Fix UserAgent not following redirects * Additional Web Request Parameters * Fix: Min descriptor length + Agent * Fix: Escape Regex in variables (#91) * Fix: Only add moniker to defaultLocale (#92) * Chore: Add references to YamlCreate documentation (#93) * Typo (#94) * Chore: Add note to enable settings Co-authored-by: denelon <[email protected]> * Chore: Remove To-do message * Update YamlCreate.ps1 * Move integer validation (#99) * Rename String.Validate -> Test-String (#101) * Suppress Write-Host warnings from ScriptAnalyzer * Fix missing constructor parameter * Rename Write-Locale-Manifests -> Write-LocaleManifest * Rename Write-Version-Manifest -> Write-VersionManifest * Rename Write-Installer-Manifest -> Write-InstallerManifest * Rename Read-WinGet-LocaleManifest -> Read-LocaleMetadata * Rename Read-WinGet-InstallerManifest -> Read-InstallerMetadata * Rename Read-Installer-Values-Minimal -> Read-QuickInstallerEntry * Rename Read-Installer-Values -> Read-InstallerEntry * Rename Enter-PR-Parameters -> Read-PRBody * Rename Write-Colors -> Write-MulticolorLine * Use Named Parameters for AddYamlParameter * Use Named Parameters for AddYamlListParameter * Use Named Parameters for PromptInstallerManifestValue * Support ShouldProcess for removing manifests * Move Downloading of installer to a separate function * More function name updates * Fix: Download Method (#107) * Check for version when setting proxy (#109) * Use defaultLocale due to microsoft/winget-cli#1646 resolving microsoft/winget-cli#1595 Co-authored-by: Esco <[email protected]> Co-authored-by: Vedant Mohan Goyal <[email protected]> Co-authored-by: Levvie - she/her <[email protected]> Co-authored-by: Kaleb Luedtke <[email protected]> Co-authored-by: Easton Pillay <[email protected]> Co-authored-by: denelon <[email protected]>
@jedieaston @OfficialEsco @vedantmgoyal2009
I think this should work. I did some light testing on my own machine. If you could please review and test this quite carefully, this is one of the core parts of the script
URL Known to cause issues previously - https://pinyin.thunisoft.com/webapi/v1/setup/downloadSetup?setupid=21f0e88683894ebcb440759c5aa25c47&filename=HuayuPY-V7.2.0.213.exe