Getting the full path of a DirectoryEntry - google-chrome-extension

Does anyone know how to get the full path of a DirectoryEntry object in a Chrome Packaged App, without any tildes or other shortcuts?
I am writing a Google Chrome Packaged App. My app has a button where a user can choose a directory using chrome.fileSystem API. When the directory choice comes back to my app, it is represented by a DirectoryEntry object, which is defined in the File API. The object looks like this in the console:
DirectoryEntry {
filesystem: DOMFileSystem
fullPath: "/to_read"
isDirectory: true
isFile: false
name: "to_read"
__proto__: DirectoryEntry
}
I am using Windows and the full path of the directory is
C:\Users\David\Desktop\to_read
I would like a function that can return that path or something close. Unfortunately, the closest thing I found is chrome.fileSystem.getDisplayPath, but that returns the following:
~\Desktop\to_read
The return value from getDisplayPath is not useful to me, because I want to get the full name of the directory (including the drive) so I can compare it to some other full directory paths I have.
I tried calling toURL() on the DirectoryEntry and it returned an empty string.
A bit about my project: I want to write an iTunes library synchronizer as a Chrome Packaged App. The iTunes library XML file contains full paths like file://localhost/D:/David/Music/Bob/Bob%20Album/01%20Bob.mp3. The user will give my app access to his music folders, and I want to be able to tell if he gave me access to the right folders.

The only full paths available are those returned by getDisplayPath.
The mediaGalleries API may be a better fit for your project: http://developer.chrome.com/apps/mediaGalleries.html#iTunes.

If you have a full path path/to/the/file.mp3 and you want to load the file directly with tis you can do it but the solution is not perfect. Use the chrome.mediaGalleries API to ask where the user saves his music (in your case), then you can write a loop who check if one of the path repository is equal to a gallery.
For example if you got a file path/to/the/file.mp3 from the xml file and your galleries list looks like ["D", "to", "Videos"], write a function to check if each component of the file's path is a gallery. In this case your code will find "to", so you can launch a second function who use "the/file.mp3".
The second function has to use the given path and find if the gallery contains the right folders and finally the right file (use this example by Google). In the case you're trying to find "the/file.mp3" with the gallery to your loop has to find a directory named "the" then "file.mp3" (write a recursive function), if you find the file open it, otherwise come back to the first function if you haven't check all the galleries or all the path's component.

This is currently (2014-01-10) not a feature of Chrome, but I have suggested it and they are working on it:
https://code.google.com/p/chromium/issues/detail?id=322952

Related

How to resolve system directories paths independently of system locale?

TLDR
I need to get paths to system directories like "Screenshots":
On an English system. I can just use this one:
C:/Users/User/Pictures/Screenshots
How do I get the path to "Screenshots" directory on a non-English system?
C:/Users/User/Pictures/[NAME]
Description
I have a file manager app, it displays system directories and loads them on click.
The app can run system commands via Powershell and use Node.js (preferred)
Problem
The problem is, it only works if the system has English system language.
Currently, to resolve the "Screenshots" directory path, the app simply joins the User directory with the word "Screenshots"
const pictures = electronRemote.app.getPath('pictures')
const screenshots = PATH.join(pictures, 'Screenshots')
link to the line in code
Expectedly, the C:/Users/User/Screenshots path only exists on English systems.
One way to solve this is to use short names, at least on Windows, I know that system directories have short names like SCREEN~1 and WALLPA~1 for Screenshots and Wallpapers directories, but if I use these names the paths will look like this:
C:/Users/User/SCREEN~1 instead of C:/Users/User/Screenshots throughout the app.
And even if I were to run these paths through a function to convert it to readable name, how would I know which word to replace it with? I need to get the name in the system's language.
Are these translations stored somewhere on the system? Can I just retrieve the translated directory name and use that in the code above?
Question
How do I make it to get / resolve the actual path of system directories like Screenshots and Wallpapers, independently of system locale?
If you know how to do it, could you please suggest the solution for all platforms (Win, Mac, Linux)?
Should I just use the short names like SCREEN~1 and then automatically replace all the occurrences in UI and also filter all paths through a function that replaces this short name with the actual path throughout the whole app? Seems like a lot of work, this approach

In Windows Node.js fs.readdirSync With Users Folders etc

I've been developing an nw.js project and use node.js file system functions in it as normal. In my application there is a file manager and I list folders and files according to user navigation. In Windows, for example, if I scan drive C: I get the Turkish named folder "Kullanıcılar" as "Users". I know it's real name in operating system is "Users" and just seen on the screen according to Languages. I can replace names of such folders when dispaying in my file manager but I'm searching for better solution if exists. Thanks in advance.
There's an SO answer here that reads the localized name of a folder in C# using the SHGetFileInfo function which might help you along.
Now I know you didn't ask, but in case you want to know where the information is stored... It's within the directory, in the Desktop.ini file.
For instance, my Windows 10 installation has this in it for "Users":
[.ShellClassInfo]
LocalizedResourceName=#%SystemRoot%\system32\shell32.dll,-21813
And this for the Images folder within my user folder (bringing this up to show you the additional keys):
[.ShellClassInfo]
LocalizedResourceName=#%SystemRoot%\system32\shell32.dll,-21779
InfoTip=#%SystemRoot%\system32\shell32.dll,-12688
IconResource=%SystemRoot%\system32\imageres.dll,-113
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-236
The #%SystemRoot%\system32\shell32.dll,-21813 points to having to read the MUI (multilingual user interface) resources, key 21813 for the given file (presumably the # means that it's in this file, not this literal value, but don't quote me on that). %SystemRoot% is an environment variable that points to the Windows directory.
The actual MUI files and their locations are handled by Windows (see the MSDN link above), but we'll just happen to handily know that the MUI file for the US English localization of shell32.dll is system32\en-US\shell32.dll.mui.
Opening up that file with Resource Hacker, we can search for 21813 -- and voila! We can find STRINGTABLE resource #1364 that contains:
[...snip...]
21812, "Extras and Upgrades"
21813, "Users"
21814, "Saved Games"
[...snip...]
I unfortunately don't have tr-TR/shell32.dll.mui available, so you'll just have to trust me that you'd find the Kullanıcılar string there.

Inno Setup - How to replace UserName with string

first attempt at posting this question was with severe jet lag. This re-edit of the question I only have the associated sleep deprivation...
I want to know the best way to use the installer to capture path information and then remove any reference to the user profile.
My program is designed to run from a central network location. To reduce network traffic some files are copied to a local drive, eg. AppData\MyProg\
I use a file browse dialogue so the person installing can specify the location:
pg_LocalPaths := CreateInputDirPage(pg_CentralPaths.id,
'Confirm File Locations For User Settings', 'To improve user experience these locations should be off the network.',
'Default Locations are:', False, 'New Folder');
// Add file browswer item (with an empty caption)
pg_LocalPaths.Add('Supporting files will be copied here by the application:');
pg_LocalPaths.Add('User settings (for a single user) will be saved here:');
// Set initial value
pg_LocalPaths.Values[0] := GetPreviousData('pg_LocalPaths0', ExpandConstant('{userappdata}\{#pFolder}'));
pg_LocalPaths.Values[1] := GetPreviousData('pg_LocalPaths1', ExpandConstant('{userappdata}\{#pFolder}'));
During install the local drive location is specified and stored in a config file.
An issue that I failed to predict is that when the program is installed, the path in the config file is defined for a single user, namely the user performing the install. In practice any user should be able to run the program...
To get the correct path for any given user, my software looks for a string "{UserName}" and replaces it with: Environ(UserName)
MyPath = Replace(MyPath, "{UserName}", Environ(UserName))
So, for example, in the installer I need to replace:
C:\Users\My Name\My Program OR C:\Users\My Admin\My Program
with something like:
C:\Users\\{UserName}\My Program
I alreay have this working in My Program but I am not sure of the best way to get it working in Inno... My inital thought was to write the config file like this:
StringChangeEx(MyPath, "My Name", "{UserName}", True)
Would like some perspective on this, not sure how to get it working for all situations.
Cheers,
You're doing it the wrong way.
Don't store the complete path in the config file; merely store a value that indicates that the user wishes to store data in the usual per-user location. (Or don't store any value, since that should be the default anyway.)
Then in your application, on every run of your application, use the Shell API to fetch the current AppData path for the current user and append your app's unique subfolder to this.
Note that it is perfectly valid for the user's AppData path to not contain their username, and not even be on C:. Don't make assumptions; use the Shell API. That's what it's for.
(Exactly which one to use and how to call it varies depending on target OS and your programming language of choice, which you haven't specified.)

How to get path to UITestActionLog.html from code

Each test case saves results to a separate UITestActionLog.html file. But in the end of each test case I'd like to move that .html to a different folder and rename it.
Is it possible to do so in, say, [TestCleanup()]? If yes, then how can I programmatically get .html report location?
The TestContext class contains several fields with "directory" in their names. These can be used to access the various directories associated with running the tests.
As well as managing the files as asked by your question the TestContext class has an AddResultFile method. The Microsoft documentation on this mehod is not clear, but it seems that the files are saved for failing tests and discarded for passing tests.
To get the directory in which the UITestActionLog file will be located, use the TestContext.TestResultsDirectory Property. You can use below code to get the full path:
string fullPath = TestContext.TestResultsDirectory +"\" +"UITestActionLog.html";

Exploiting and Correcting Path Traversal Vulnerability

I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp/somepage.jsp in the address bar, but Tomcat just strips the ../ and gives me http://localhost:8080/tmp/ resource not available.
Ideal would be if I could somehow encode ../ in the path of somepage.jsp so that it gets extracted in the web riot directory of the Web App. Is this possible? Are there maybe any escape sequences that would translate to ../ after extracting?
Any ideas would be highly appreciated.
Note: This is a school project in a Security course where I'm supposed to locate vulnerabilities and correct them. Not trying to harm anyone...
Sorry about the downvotes. Security is very important, and should be taught.
Do you pass in the file name to be used?
The check that the server does is probably something something like If location starts with "/tmp" then allow it. So what you want to do is pass `/tmp/../home/webapp/"?
Another idea would be to see if you could craft a zip file that would result in the contents being moved up - like if you set "../" in the filename inside the zip, what would happen? You might need to manually modify things if your zip tools don't allow it.
To protect against this kind of vulnerability you are looking for something like this:
String somedirectory = "c:/fixed_directory/";
String file = request.getParameter("file");
if(file.indexOf(".")>-1)
{
//if it contains a ., disallow
out.print("stop trying to hack");
return;
}
else
{
//load specified file and print to screen
loadfile(somedirectory+file+".txt");
///.....
}
If you just were to pass the variable "file" to your loadfile function without checking, then someone could make a link to load any file they want. See https://www.owasp.org/index.php/Path_Traversal

Resources