MCPcopy
hub / github.com/Kong/insomnia / validatePluginName

Function validatePluginName

packages/insomnia/src/utils/plugin-name.ts:12–106  ·  view source on GitHub ↗
(pluginName: string, allowScopedPackageNames = false)

Source from the content-addressed store, hash-verified

10const unsafeShellPattern = /[|;&$`\\]/;
11
12export function validatePluginName(pluginName: string, allowScopedPackageNames = false): string | null {
13 const pluginNameWithoutPrefix = pluginName.replace(/^insomnia-plugin-/, '');
14
15 // Check the length of the plugin name
16 // Plugin name must be less than 214 characters
17 if (pluginNameWithoutPrefix.trim().length === 0 || pluginNameWithoutPrefix.length > 214) {
18 return 'Plugin name must not be empty or too long';
19 }
20
21 if (pluginNameWithoutPrefix.startsWith('@') && !allowScopedPackageNames) {
22 return 'Scoped packages are not permitted in this context. To install scoped packages, please use the Plugin Host instead.';
23 }
24
25 // Prevent path traversal
26 if (allowScopedPackageNames) {
27 // Allow scoped package names to contain slashes
28 if (
29 (pluginNameWithoutPrefix.startsWith('@') && pluginNameWithoutPrefix.split('/').length > 2) ||
30 pluginNameWithoutPrefix.includes('..') ||
31 pluginNameWithoutPrefix.includes('\\')
32 ) {
33 return 'Plugin name must not contain path traversal characters';
34 }
35 } else {
36 if (
37 pluginNameWithoutPrefix.includes('..') ||
38 pluginNameWithoutPrefix.includes('/') ||
39 pluginNameWithoutPrefix.includes('\\')
40 ) {
41 return 'Plugin name must not contain path traversal characters';
42 }
43 }
44
45 if (unsafeShellPattern.test(pluginNameWithoutPrefix)) {
46 return 'Plugin name must not contain shell metacharacters';
47 }
48
49 if (pluginNameWithoutPrefix.trim() === '-') {
50 return 'Plugin name must not be a single dash';
51 }
52
53 if (pluginNameWithoutPrefix.startsWith('-')) {
54 return 'Plugin name must not start with a dash';
55 }
56
57 if (pluginNameWithoutPrefix.endsWith('-')) {
58 return 'Plugin name must not end with a dash';
59 }
60
61 if (pluginNameWithoutPrefix.match(/--/)) {
62 return 'Plugin name must not contain consecutive dashes';
63 }
64
65 if (pluginNameWithoutPrefix.match(/^\./)) {
66 return 'Plugin name cannot start with a period';
67 }
68
69 if (pluginNameWithoutPrefix.match(/^_/)) {

Callers 5

getSafePluginDirFunction · 0.90
installPluginFunction · 0.90
getPluginInfoFunction · 0.90
installPluginToTmpDirFunction · 0.90
PluginsFunction · 0.90

Calls 2

matchMethod · 0.80
testMethod · 0.45

Tested by

no test coverage detected