diff --git a/.changes/config.json b/.changes/config.json
index 7d7bbe20e12d..78a03db4c177 100644
--- a/.changes/config.json
+++ b/.changes/config.json
@@ -7,6 +7,7 @@
 "bug": "Bug Fixes",
 "pref": "Performance Improvements",
 "changes": "What's Changed",
+ "sec": "Security fixes",
 "deps": "Dependencies"
 },
 "defaultChangeTag": "changes",
diff --git a/.changes/core-leading-dot.md b/.changes/core-leading-dot.md
new file mode 100644
index 000000000000..432d94ac6563
--- /dev/null
+++ b/.changes/core-leading-dot.md
@@ -0,0 +1,5 @@
+---
+'tauri': 'patch:sec'
+---
+
+Fix regression in `1.4` where the default behavior of the file system scope was changed to allow reading hidden files and directories by default.
diff --git a/core/tauri-config-schema/schema.json b/core/tauri-config-schema/schema.json
index 4cf848842676..9eff6b9bfcbe 100644
--- a/core/tauri-config-schema/schema.json
+++ b/core/tauri-config-schema/schema.json
@@ -2102,7 +2102,7 @@
 }
 },
 "requireLiteralLeadingDot": {
- "description": "Whether or not paths that contain components that start with a `.` will require that `.` appears literally in the pattern; `*`, `?`, `**`, or `[...]` will not match. This is useful because such files are conventionally considered hidden on Unix systems and it might be desirable to skip them when listing files.\n\nDefaults to `false` on Unix systems and `true` on Windows",
+ "description": "Whether or not paths that contain components that start with a `.` will require that `.` appears literally in the pattern; `*`, `?`, `**`, or `[...]` will not match. This is useful because such files are conventionally considered hidden on Unix systems and it might be desirable to skip them when listing files.\n\nDefaults to `true` on Unix systems and `false` on Windows",
 "type": [
 "boolean",
 "null"
diff --git a/core/tauri-utils/src/config.rs b/core/tauri-utils/src/config.rs
index afff520a8ba2..6dbe8f7279c4 100644
--- a/core/tauri-utils/src/config.rs
+++ b/core/tauri-utils/src/config.rs
@@ -1329,7 +1329,7 @@ pub enum FsAllowlistScope {
 /// conventionally considered hidden on Unix systems and it might be
 /// desirable to skip them when listing files.
 ///
- /// Defaults to `false` on Unix systems and `true` on Windows
+ /// Defaults to `true` on Unix systems and `false` on Windows
 // dotfiles are not supposed to be exposed by default on unix
 #[serde(alias = "require-literal-leading-dot")]
 require_literal_leading_dot: Option,
diff --git a/core/tauri/src/scope/fs.rs b/core/tauri/src/scope/fs.rs
index 1deccf4ccbf9..52bf2d23e380 100644
--- a/core/tauri/src/scope/fs.rs
+++ b/core/tauri/src/scope/fs.rs
@@ -114,9 +114,9 @@ impl Scope {
 } => *require,
 // dotfiles are not supposed to be exposed by default on unix
 #[cfg(unix)]
- _ => false,
- #[cfg(windows)]
 _ => true,
+ #[cfg(windows)]
+ _ => false,
 };
 Ok(Self {
@@ -287,9 +287,9 @@ mod tests {
 require_literal_separator: true,
 // dotfiles are not supposed to be exposed by default on unix
 #[cfg(unix)]
- require_literal_leading_dot: false,
- #[cfg(windows)]
 require_literal_leading_dot: true,
+ #[cfg(windows)]
+ require_literal_leading_dot: false,
 ..Default::default()
 },
 }
diff --git a/tooling/cli/schema.json b/tooling/cli/schema.json
index 4cf848842676..9eff6b9bfcbe 100644
--- a/tooling/cli/schema.json
+++ b/tooling/cli/schema.json
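Review bot: In the `impl Scope` hunk of core/tauri/src/scope/fs.rs the `#[cfg(windows)]` fallback arm still resolves to `false`, and the only comment there explains the unix arm. Going by the option's own description, `false` means `*`, `?`, `**` and `[...]` match path components that start with a dot, so on Windows a wildcard scope entry keeps covering dot-prefixed directories unless the app sets `requireLiteralLeadingDot` itself. If that is intended because a leading dot does not mark a file as hidden on Windows, say so above the arm, e.g. `// a leading dot does not hide a file on Windows, so wildcards match it unless the scope opts in`. The two cfg-gated `_` arms also leave any target that is neither unix nor windows without a fallback arm; a single `_ => !cfg!(windows),` would give every other target the restrictive default. The match expression begins outside the hunk.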
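Review bot: The `mod tests` hunk of core/tauri/src/scope/fs.rs only flips the fixture's hard-coded `require_literal_leading_dot` values, so the fixture restates the default rather than exercising the `_` arms changed in `impl Scope`; a later flip of those arms would not fail here. Nothing visible in this hunk asserts the behaviour the changelog entry describes. If no existing test does, add one that builds the scope without an explicit `requireLiteralLeadingDot`, allows a directory through a wildcard pattern, and asserts on unix that a path with a dot-prefixed component under it is rejected. The fixture's enclosing function starts and ends outside the hunk.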
@@ -2102,7 +2102,7 @@
 }
 },
 "requireLiteralLeadingDot": {
- "description": "Whether or not paths that contain components that start with a `.` will require that `.` appears literally in the pattern; `*`, `?`, `**`, or `[...]` will not match. This is useful because such files are conventionally considered hidden on Unix systems and it might be desirable to skip them when listing files.\n\nDefaults to `false` on Unix systems and `true` on Windows",
+ "description": "Whether or not paths that contain components that start with a `.` will require that `.` appears literally in the pattern; `*`, `?`, `**`, or `[...]` will not match. This is useful because such files are conventionally considered hidden on Unix systems and it might be desirable to skip them when listing files.\n\nDefaults to `true` on Unix systems and `false` on Windows",
 "type": [
 "boolean",
 "null"