(fileName, lineNumber, colNumber)
| 285 | |
| 286 | let _childProcess = null; |
| 287 | function launchEditor(fileName, lineNumber, colNumber) { |
| 288 | if (!fs.existsSync(fileName)) { |
| 289 | return; |
| 290 | } |
| 291 | |
| 292 | // Sanitize lineNumber to prevent malicious use on win32 |
| 293 | // via: https://github.com/nodejs/node/blob/c3bb4b1aa5e907d489619fb43d233c3336bfc03d/lib/child_process.js#L333 |
| 294 | // and it should be a positive integer |
| 295 | if (!(Number.isInteger(lineNumber) && lineNumber > 0)) { |
| 296 | return; |
| 297 | } |
| 298 | |
| 299 | // colNumber is optional, but should be a positive integer too |
| 300 | // default is 1 |
| 301 | if (!(Number.isInteger(colNumber) && colNumber > 0)) { |
| 302 | colNumber = 1; |
| 303 | } |
| 304 | |
| 305 | let [editor, ...args] = guessEditor(); |
| 306 | |
| 307 | if (!editor) { |
| 308 | printInstructions(fileName, null); |
| 309 | return; |
| 310 | } |
| 311 | |
| 312 | if (editor.toLowerCase() === 'none') { |
| 313 | return; |
| 314 | } |
| 315 | |
| 316 | if ( |
| 317 | process.platform === 'linux' && |
| 318 | fileName.startsWith('/mnt/') && |
| 319 | /Microsoft/i.test(os.release()) |
| 320 | ) { |
| 321 | // Assume WSL / "Bash on Ubuntu on Windows" is being used, and |
| 322 | // that the file exists on the Windows file system. |
| 323 | // `os.release()` is "4.4.0-43-Microsoft" in the current release |
| 324 | // build of WSL, see: https://github.com/Microsoft/BashOnWindows/issues/423#issuecomment-221627364 |
| 325 | // When a Windows editor is specified, interop functionality can |
| 326 | // handle the path translation, but only if a relative path is used. |
| 327 | fileName = path.relative('', fileName); |
| 328 | } |
| 329 | |
| 330 | // cmd.exe on Windows is vulnerable to RCE attacks given a file name of the |
| 331 | // form "C:\Users\myusername\Downloads\& curl 172.21.93.52". Use a whitelist |
| 332 | // to validate user-provided file names. This doesn't cover the entire range |
| 333 | // of valid file names but should cover almost all of them in practice. |
| 334 | if ( |
| 335 | process.platform === 'win32' && |
| 336 | !WINDOWS_FILE_NAME_WHITELIST.test(fileName.trim()) |
| 337 | ) { |
| 338 | console.log(); |
| 339 | console.log( |
| 340 | chalk.red('Could not open ' + path.basename(fileName) + ' in the editor.') |
| 341 | ); |
| 342 | console.log(); |
| 343 | console.log( |
| 344 | 'When running on Windows, file names are checked against a whitelist ' + |
no test coverage detected