Added validator to check if a given path is inside an open Collection

Author: ramki-bruno

packages/bruno-electron/src/app/collection-watcher.js

@@ -615,6 +615,14 @@ class CollectionWatcher {
       watcher?.add?.(itemPath);
     }
   }
+
+  getAllWatcherPaths() {
+    return Object.entries(this.watchers)
+      .filter(([path, watcher]) => !!watcher)
+      .map(([path, _watcher]) => path);
+  }
 }
 
-module.exports = CollectionWatcher;
+const collectionWatcher = new CollectionWatcher();
+
+module.exports = collectionWatcher;

packages/bruno-electron/src/index.js

@@ -32,7 +32,7 @@ const LastOpenedCollections = require('./store/last-opened-collections');
 const registerNetworkIpc = require('./ipc/network');
 const registerCollectionsIpc = require('./ipc/collection');
 const registerPreferencesIpc = require('./ipc/preferences');
-const CollectionWatcher = require('./app/collection-watcher');
+const collectionWatcher = require('./app/collection-watcher');
 const { loadWindowState, saveBounds, saveMaximized } = require('./utils/window');
 const registerNotificationsIpc = require('./ipc/notifications');
 const registerGlobalEnvironmentsIpc = require('./ipc/global-environments');
@@ -60,7 +60,6 @@ setContentSecurityPolicy(contentSecurityPolicy.join(';') + ';');
 const menu = Menu.buildFromTemplate(menuTemplate);
 
 let mainWindow;
-let collectionWatcher;
 
 // Prepare the renderer once the app is ready
 app.on('ready', async () => {
@@ -136,7 +135,6 @@ app.on('ready', async () => {
       );
     }
   });
-  collectionWatcher = new CollectionWatcher();
 
   const handleBoundsChange = () => {
     if (!mainWindow.isMaximized()) {

packages/bruno-electron/src/ipc/collection.js

@@ -42,6 +42,7 @@ const { getEnvVars, getTreePathFromCollectionToItem, mergeVars, parseBruFileMeta
 const { getProcessEnvVars } = require('../store/process-env');
 const { getOAuth2TokenUsingAuthorizationCode, getOAuth2TokenUsingClientCredentials, getOAuth2TokenUsingPasswordCredentials, refreshOauth2Token } = require('../utils/oauth2');
 const { getCertsAndProxyConfig } = require('./network');
+const collectionWatcher = require('../app/collection-watcher');
 
 const environmentSecretsStore = new EnvironmentSecretsStore();
 const collectionSecurityStore = new CollectionSecurityStore();
@@ -58,6 +59,16 @@ const envHasSecrets = (environment = {}) => {
   return secrets && secrets.length > 0;
 };
 
+const validateCollectionSubPath = (path) => {
+  const openCollectionPaths = collectionWatcher.getAllWatcherPaths();
+  const isValid = openCollectionPaths.some((collectionPath) => {
+    return path.startsWith(collectionPath);
+  });
+  if (!isValid) {
+    throw new Error(`Path: ${path} should be inside a collection`);
+  }
+}
+
 const registerRendererEventHandlers = (mainWindow, watcher, lastOpenedCollections) => {
   // browse directory
   ipcMain.handle('renderer:browse-directory', async (event, pathname, request) => {
@@ -238,6 +249,7 @@ const registerRendererEventHandlers = (mainWindow, watcher, lastOpenedCollection
         throw new Error(`${request.filename}.bru is not a valid filename`);
       }
       const content = await jsonToBruViaWorker(request);
+      validateCollectionSubPath(pathname);
       await writeFile(pathname, content);
     } catch (error) {
       return Promise.reject(error);