search

tauri-apps / tauri

Build smaller, faster, and more secure desktop applications with a web frontend.
https://tauri.app
Apache License 2.0
81.76k stars 2.45k forks source link

[bug] Cannot open relative file path specified on tha command-line #10398

Open mildred opened 1 month ago

mildred commented 1 month ago

Describe the bug

I have an application that needs to open up files present on the command-line, however the security restrictions seems to prevent that.

I get a Forbidden path ./path/to/file when I try to run fs.readTextFile()

Reproduction

Setup a Tauri v2 app with in config:

{
  ...
  "plugins": {
    "cli": {
      "description": "word processor for html files",
      "args": [
        {
          "name": "filename",
          "index": 1,
          "takesValue": true
        }
      ]
    },
    "fs": {
      "scope": [
        "*/**",
        "$HOME",
        "$HOME/*",
        "$HOME/**"
      ]
    },
  }
}

Then try to run the following javascript code:

    getMatches().then(async (matches) => {
      console.log("CLI arg: %o", matches)
      if (matches.args.filename) {
        let path = matches.args.filename.value
        const html = await readTextFile(path)
        if (html != null) {
          setContent(html)
        }
      }
    })

Expected behavior

You get a forbidden path error

Full tauri info output

[✔] Environment
    - OS: Fedora 40 X64
    ✔ webkit2gtk-4.1: 2.44.2
    ✔ rsvg2: 2.57.1
    ✔ rustc: 1.79.0 (129f3b996 2024-06-10)
    ✔ cargo: 1.79.0 (ffa9cf99a 2024-06-03)
    ✔ rustup: 1.27.1 (54dd3d00f 2024-04-24)
    ✔ Rust toolchain: stable-x86_64-unknown-linux-gnu (default)
    - node: 22.4.1
    - yarn: 1.22.22
    - npm: 10.8.1

[-] Packages
    - tauri [RUST]: 2.0.0-beta.24
    - tauri-build [RUST]: 2.0.0-beta.19
    - wry [RUST]: 0.41.0
    - tao [RUST]: 0.28.1
    - @tauri-apps/api [NPM]: 2.0.0-beta.15
    - @tauri-apps/cli [NPM]: 2.0.0-beta.22

[-] App
    - build-type: bundle
    - CSP: unset
    - frontendDist: ../dist
    - devUrl: http://localhost:1420/
    - framework: React
    - bundler: Rollup

Stack trace

No response

Additional context

No response

FabianLars commented 1 month ago

In v2 the scope config belongs in the capability json file in src-tauri/capabilities/ now, not into the tauri.conf.json file: https://v2.tauri.app/plugin/file-system/#permissions

Using "**" should allow all paths (btw, you can also allow paths dynamically in rust using app.fs_scope().allow_file(path)).

That said, relative paths (relative to the app) in the frontend are a bit tricky, so it may not be working with the correct scope either. Please reach out again here if that's the case.

mildred commented 1 month ago

Relative paths is exactly the problem I was experiencing...

Forbidden path ./path/to/file

I added "**" to the scope but I still get the Forbidden path error...

mildred commented 1 month ago

I added this command to main.rs:

use tauri::{AppHandle, Runtime};
use tauri_plugin_fs::FsExt;

// Learn more about Tauri commands at https://tauri.app/v1/guides/features/command
#[tauri::command]
fn allow_file<R: Runtime>(
    app: AppHandle<R>,
    path: &str) -> () {
    app.fs_scope().allow_file(path);
}

Then made use of it in javascript:

import { invoke } from '@tauri-apps/api/core'
import { getMatches } from '@tauri-apps/plugin-cli'
import { readTextFile } from '@tauri-apps/plugin-fs';

      console.log("CLI arg: %o", matches)
      if (matches.args.filename) {
        let path = matches.args.filename.value
        await invoke("allow_file", { path })
        const html = await readTextFile(path)
        if (html != null) {
          setContent(html)
        }
      }