feat: prevent local files from opening. (#777)

Author: setchy

src/components/Repository.tsx

@@ -1,12 +1,11 @@
-const { shell } = require('electron');
-
 import React, { useCallback, useContext } from 'react';
 import { ReadIcon } from '@primer/octicons-react';
 import { CSSTransition, TransitionGroup } from 'react-transition-group';
 
 import { AppContext } from '../context/App';
 import { Notification } from '../typesGithub';
 import { NotificationRow } from './NotificationRow';
+import { openExternalLink } from '../utils/comms';
 
 interface IProps {
   hostname: string;
@@ -23,7 +22,7 @@ export const RepositoryNotifications: React.FC<IProps> = ({
 
   const openBrowser = useCallback(() => {
     const url = repoNotifications[0].repository.html_url;
-    shell.openExternal(url);
+    openExternalLink(url);
   }, [repoNotifications]);
 
   const markRepoAsRead = useCallback(() => {

src/components/Sidebar.tsx

@@ -1,5 +1,5 @@
 import { BellIcon } from '@primer/octicons-react';
-import { ipcRenderer, shell } from 'electron';
+import { ipcRenderer } from 'electron';
 import React, { useCallback, useContext, useMemo } from 'react';
 import { useNavigate, useLocation } from 'react-router-dom';
 
@@ -9,6 +9,7 @@ import { IconCog } from '../icons/Cog';
 import { IconQuit } from '../icons/Quit';
 import { IconRefresh } from '../icons/Refresh';
 import { Constants } from '../utils/constants';
+import { openExternalLink } from '../utils/comms';
 
 export const Sidebar: React.FC = () => {
   const navigate = useNavigate();
@@ -18,11 +19,11 @@ export const Sidebar: React.FC = () => {
   const { notifications, fetchNotifications } = useContext(AppContext);
 
   const onOpenBrowser = useCallback(() => {
-    shell.openExternal(`https://github.com/${Constants.REPO_SLUG}`);
+    openExternalLink(`https://github.com/${Constants.REPO_SLUG}`);
   }, []);
 
   const onOpenGitHubNotifications = useCallback(() => {
-    shell.openExternal(`https://github.com/notifications`);
+    openExternalLink(`https://github.com/notifications`);
   }, []);
 
   const quitApp = useCallback(() => {

src/routes/LoginWithToken.tsx

@@ -2,12 +2,12 @@ import React, { useCallback, useContext, useState } from 'react';
 import { Form, FormRenderProps } from 'react-final-form';
 import { ArrowLeftIcon } from '@primer/octicons-react';
 import { useNavigate } from 'react-router-dom';
-import { shell } from 'electron';
 
 import { AppContext } from '../context/App';
 import { AuthTokenOptions } from '../types';
 import { Constants } from '../utils/constants';
 import { FieldInput } from '../components/fields/FieldInput';
+import { openExternalLink } from '../utils/comms';
 
 interface IValues {
   token?: string;
@@ -46,7 +46,7 @@ export const LoginWithToken: React.FC = () => {
   const [isValidToken, setIsValidToken] = useState<boolean>(true);
 
   const openLink = useCallback((url: string) => {
-    shell.openExternal(url);
+    openExternalLink(url);
   }, []);
 
   const renderForm = (formProps: FormRenderProps) => {

src/utils/comms.test.ts

@@ -41,6 +41,11 @@ describe('utils/comms.ts', () => {
     expect(shell.openExternal).toHaveBeenCalledWith('http://www.gitify.io/');
   });
 
+  it('should ignore opening external local links file:///', () => {
+    openExternalLink('file:///Applications/SomeApp.app');
+    expect(shell.openExternal).toHaveBeenCalledTimes(0);
+  });
+
   it('should setAutoLaunch (true)', () => {
     setAutoLaunch(true);
 

src/utils/comms.ts

@@ -1,7 +1,9 @@
 import { ipcRenderer, shell } from 'electron';
 
 export function openExternalLink(url: string): void {
-  shell.openExternal(url);
+  if (!url.toLowerCase().startsWith('file:///')) {
+    shell.openExternal(url);
+  }
 }
 
 export function setAutoLaunch(value: boolean): void {