react-native/local-cli
Andrew Clark 9862a77b6a Use file name whitelist to prevent RCE
Summary:
Use a whitelist to validate user-provided file names. This doesn't cover the entire range of valid filenames but should cover almost all of them in practice. Allows letters, numbers, periods, dashes, and underscores. Opting to use a whitelist instead of a blacklist because getting this wrong leaves us vulnerable to an RCE attack.

This is the same patch I submitted to create-react-app: https://github.com/facebook/create-react-app/pull/4866

See s163726 for more details

Reviewed By: LukasReschke

Differential Revision: D9504148

fbshipit-source-id: e3c7587f1b7f93bec90a58a38d5f6d58f1f59275
2018-09-04 11:32:51 -07:00
__mocks__ metro-memory-fs: enforce explicit cwd() 2018-05-25 08:04:34 -07:00
bundle Make the --transformer CLI argument override the babelTransformerPath 2018-08-28 19:01:57 -07:00
core Bump lodash dependency (#20892) 2018-08-31 12:19:04 -07:00
dependencies End metro server gracefully when there are some edge errors 2018-08-30 03:33:03 -07:00
eject Prettier RN local-cli 2018-05-11 13:00:50 -07:00
generator Ignore DevDependencies when generating template. (#20542) 2018-08-06 12:32:24 -07:00
info cli: upgrade envinfo for new features in `react-native info` 2018-05-29 17:30:16 -07:00
init Switch babel preset to metro-react-native-babel-preset (#20653) 2018-08-13 10:32:11 -07:00
install Prettier RN local-cli 2018-05-11 13:00:50 -07:00
library Prettier RN local-cli 2018-05-11 13:00:50 -07:00
link Bump Android Support Library to 27.1.1 (#20586) 2018-08-20 18:08:52 -07:00
logAndroid Prettier RN local-cli 2018-05-11 13:00:50 -07:00
logIOS Prettier RN local-cli 2018-05-11 13:00:50 -07:00
runAndroid Add missing "--terminal" argument to run-android (#20584) 2018-08-20 15:02:42 -07:00
runIOS Flow strictify possible files in RN core 2018-06-20 00:47:21 -07:00
server Use file name whitelist to prevent RCE 2018-09-04 11:32:51 -07:00
templates refine android config (#20731) 2018-08-23 12:17:57 -07:00
upgrade Prettier RN local-cli 2018-05-11 13:00:50 -07:00
util Expose the actual transformer in the config 2018-08-23 15:48:04 -07:00
.npmignore npmignore: ignore tests and fixtures 2018-02-27 08:42:14 -08:00
cli.js Prettier RN local-cli 2018-05-11 13:00:50 -07:00
cliEntry.js Use new configuration in react-native public cli 2018-07-25 05:47:58 -07:00
commands.js BREAKING: metro: rename 'unbundle' to 'ram bundle' 2018-07-20 09:33:57 -07:00
setup_env.bat Update license headers for MIT license 2018-02-16 18:31:53 -08:00
setup_env.sh Update license headers for MIT license 2018-02-16 18:31:53 -08:00
wrong-react-native.js Prettier files with shebang 2018-05-11 13:52:30 -07:00