From 9174b808dc37154999c119fcc3f31258a9c5a3fb Mon Sep 17 00:00:00 2001
From: Thibault <thibault_poisson@orange.fr>
Date: Thu, 29 Jun 2023 23:23:08 +0200
Subject: [PATCH] [persisted scope] fix: handle recursive directory correctly
 (#455)

* fix: use correct functions to allow/forbid
Without changing the data structure

* fix: wrong type passed when passing path by ref

* fix: remove '**' before allowing pattern to no trash the scope

* fmt: run fmt

* fix: Remove trailling '*' for non-recursive directories

* fix: remove superfluous asteriks recursively

* info: add changefile

* fix: remove unwated yarn.lock

* fix: simplify directories' fix and apply it to forbid_path too.

* fix: simplify path to str in fix_directory

* don't convert path back to str

* Update persisted-scope-fix-handle-glob-directories.md

---------

Co-authored-by: FabianLars <fabianlars@fabianlars.de>
---
 ...isted-scope-fix-handle-glob-directories.md |  7 ++
 plugins/persisted-scope/src/lib.rs            | 81 +++++++++++++++++--
 2 files changed, 81 insertions(+), 7 deletions(-)
 create mode 100644 .changes/persisted-scope-fix-handle-glob-directories.md

diff --git a/.changes/persisted-scope-fix-handle-glob-directories.md b/.changes/persisted-scope-fix-handle-glob-directories.md
new file mode 100644
index 000000000..7badc1850
--- /dev/null
+++ b/.changes/persisted-scope-fix-handle-glob-directories.md
@@ -0,0 +1,7 @@
+---
+"persisted-scope": patch
+---
+
+Fix usage of directory patterns by removing glob asterisks at the end before allowing/forbidding them.
+
+This was causing them to be escaped, and so undesirable paths were allowed/forbidden while polluting the `.persisted_scope` file.
diff --git a/plugins/persisted-scope/src/lib.rs b/plugins/persisted-scope/src/lib.rs
index fe2cddf1a..af4891862 100644
--- a/plugins/persisted-scope/src/lib.rs
+++ b/plugins/persisted-scope/src/lib.rs
@@ -6,7 +6,7 @@ use aho_corasick::AhoCorasick;
 use serde::{Deserialize, Serialize};
 use tauri::{
     plugin::{Builder, TauriPlugin},
-    AppHandle, FsScopeEvent, Manager, Runtime,
+    AppHandle, FsScope, FsScopeEvent, Manager, Runtime,
 };
 
 use std::{
@@ -42,6 +42,14 @@ enum Error {
     Bincode(#[from] Box<bincode::ErrorKind>),
 }
 
+#[derive(Debug, Default, Deserialize, Serialize, Eq, PartialEq, Hash)]
+enum TargetType {
+    #[default]
+    File,
+    Directory,
+    RecursiveDirectory,
+}
+
 #[derive(Debug, Default, Deserialize, Serialize)]
 struct Scope {
     allowed_paths: Vec<String>,
@@ -58,6 +66,66 @@ fn fix_pattern(ac: &AhoCorasick, s: &str) -> String {
     s
 }
 
+const RESURSIVE_DIRECTORY_SUFFIX: &str = "**";
+const DIRECTORY_SUFFIX: &str = "*";
+
+fn detect_scope_type(scope_state_path: &str) -> TargetType {
+    if scope_state_path.ends_with(RESURSIVE_DIRECTORY_SUFFIX) {
+        TargetType::RecursiveDirectory
+    } else if scope_state_path.ends_with(DIRECTORY_SUFFIX) {
+        TargetType::Directory
+    } else {
+        TargetType::File
+    }
+}
+
+fn fix_directory(path_str: &str) -> &Path {
+    let mut path = Path::new(path_str);
+
+    if path.ends_with(DIRECTORY_SUFFIX) || path.ends_with(RESURSIVE_DIRECTORY_SUFFIX) {
+        path = match path.parent() {
+            Some(value) => value,
+            None => return path,
+        };
+    }
+
+    path
+}
+
+fn allow_path(scope: &FsScope, path: &str) {
+    let target_type = detect_scope_type(path);
+
+    match target_type {
+        TargetType::File => {
+            let _ = scope.allow_file(path);
+        }
+        TargetType::Directory => {
+            // We remove the '*' at the end of it, else it will be escaped by the pattern.
+            let _ = scope.allow_directory(fix_directory(path), false);
+        }
+        TargetType::RecursiveDirectory => {
+            // We remove the '**' at the end of it, else it will be escaped by the pattern.
+            let _ = scope.allow_directory(fix_directory(path), true);
+        }
+    }
+}
+
+fn forbid_path(scope: &FsScope, path: &str) {
+    let target_type = detect_scope_type(path);
+
+    match target_type {
+        TargetType::File => {
+            let _ = scope.forbid_file(path);
+        }
+        TargetType::Directory => {
+            let _ = scope.forbid_directory(fix_directory(path), false);
+        }
+        TargetType::RecursiveDirectory => {
+            let _ = scope.forbid_directory(fix_directory(path), true);
+        }
+    }
+}
+
 fn save_scopes<R: Runtime>(app: &AppHandle<R>, app_dir: &Path, scope_state_path: &Path) {
     let fs_scope = app.fs_scope();
 
@@ -108,19 +176,18 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
                         .map_err(Error::from)
                         .and_then(|scope| bincode::deserialize(&scope).map_err(Into::into))
                         .unwrap_or_default();
+
                     for allowed in &scope.allowed_paths {
                         let allowed = fix_pattern(&ac, allowed);
-
-                        let _ = fs_scope.allow_file(&allowed);
+                        allow_path(&fs_scope, &allowed);
                         #[cfg(feature = "protocol-asset")]
-                        let _ = asset_protocol_scope.allow_file(&allowed);
+                        allow_path(&asset_protocol_scope, &allowed);
                     }
                     for forbidden in &scope.forbidden_patterns {
                         let forbidden = fix_pattern(&ac, forbidden);
-
-                        let _ = fs_scope.forbid_file(&forbidden);
+                        forbid_path(&fs_scope, &forbidden);
                         #[cfg(feature = "protocol-asset")]
-                        let _ = asset_protocol_scope.forbid_file(&forbidden);
+                        forbid_path(&asset_protocol_scope, &forbidden);
                     }
 
                     // Manually save the fixed scopes to disk once.