fix(cli): validate `productName` in config, closes #5233 (#5262)

.changes/cli-product-name-validation.md

@@ -0,0 +1,7 @@
+---
+"cli.rs": "patch"
+"tauri-utils": "patch"
+---
+
+Validate `pacakge > productName` in the tauri config and produce errors if it contains one of the following characters `/\:*?\"<>|`
+

core/tauri-utils/src/config.rs

@@ -2585,6 +2585,7 @@ impl<'d> serde::Deserialize<'d> for PackageVersion {
 pub struct PackageConfig {
   /// App name.
   #[serde(alias = "product-name")]
+  #[cfg_attr(feature = "schema", validate(regex(pattern = "^[^/\\:*?\"<>|]+$")))]
   pub product_name: Option<String>,
   /// App version. It is a semver version number or a path to a `package.json` file containing the `version` field.
   #[serde(deserialize_with = "version_deserializer", default)]

tooling/cli/Cargo.toml

@@ -52,7 +52,7 @@ toml_edit = "0.14"
 json-patch = "0.2"
 tauri-utils = { version = "1.1.1", path = "../../core/tauri-utils", features = [ "isolation", "schema", "config-json5", "config-toml" ] }
 toml = "0.5"
-valico = "3.6"
+jsonschema = "0.16"
 handlebars = "4.3"
 include_dir = "0.7"
 minisign = "0.7"

tooling/cli/schema.json

@@ -207,7 +207,8 @@
           "type": [
             "string",
             "null"
-          ]
+          ],
+          "pattern": "^[^/\\:*?\"<>|]+$"
         },
         "version": {
           "description": "App version. It is a semver version number or a path to a `package.json` file containing the `version` field.",

tooling/cli/src/helpers/config.rs

@@ -135,28 +135,15 @@ fn get_internal(merge_config: Option<&str>, reload: bool) -> crate::Result<Confi
     || config_path.extension() == Some(OsStr::new("json5"))
   {
     let schema: JsonValue = serde_json::from_str(include_str!("../../schema.json"))?;
-    let mut scope = valico::json_schema::Scope::new();
-    let schema = scope.compile_and_return(schema, false).unwrap();
-    let state = schema.validate(&config);
-    if !state.errors.is_empty() {
-      for error in state.errors {
-        let path = error
-          .get_path()
-          .chars()
-          .skip(1)
-          .collect::<String>()
-          .replace('/', " > ");
+    let schema = jsonschema::JSONSchema::compile(&schema).unwrap();
+    let result = schema.validate(&config);
+    if let Err(errors) = result {
+      for error in errors {
+        let path = error.instance_path.clone().into_vec().join(" > ");
         if path.is_empty() {
-          eprintln!(
-            "`{config_file_name}` error: {}",
-            error.get_detail().unwrap_or_else(|| error.get_title()),
-          );
+          eprintln!("`{config_file_name}` error: {}", error);
         } else {
-          eprintln!(
-            "`{config_file_name}` error on `{}`: {}",
-            path,
-            error.get_detail().unwrap_or_else(|| error.get_title()),
-          );
+          eprintln!("`{config_file_name}` error on `{}`: {}", path, error);
         }
       }
       exit(1);

tooling/cli/src/interface/rust/desktop.rs

@@ -344,6 +344,8 @@ fn rename_app(bin_path: &Path, product_name: Option<&str>) -> crate::Result<Path
       .join(&product_name)
       .with_extension(bin_path.extension().unwrap_or_default());
 
+    std::fs::create_dir_all(product_path.parent().unwrap())?;
+
     rename(&bin_path, &product_path).with_context(|| {
       format!(
         "failed to rename `{}` to `{}`",