Skip to content

Validate Linux app identifiers#597

Open
jsdavid278-cyber wants to merge 1 commit into
profullstack:masterfrom
jsdavid278-cyber:codex/linux-app-id-validation
Open

Validate Linux app identifiers#597
jsdavid278-cyber wants to merge 1 commit into
profullstack:masterfrom
jsdavid278-cyber:codex/linux-app-id-validation

Conversation

@jsdavid278-cyber
Copy link
Copy Markdown
Contributor

@jsdavid278-cyber jsdavid278-cyber commented Jun 5, 2026

Fixes #596.

Changes:

  • validate desktop-linux appId as a reverse-DNS identifier before build or ship
  • use the normalized appId in generated Linux package plans and real ship IDs
  • add regression tests for invalid appId values in build and ship flows

Validation:

  • vitest run packages/targets/desktop-linux/src/index.test.ts
  • tsc -p packages/targets/desktop-linux/tsconfig.json --noEmit

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Jun 5, 2026
edited
Loading

Greptile Summary

This PR adds a requireAppId helper to the desktop-linux target that validates the appId field against a reverse-DNS pattern before any build or ship work begins, and wires the validated value into the generated package plan and the returned ship ID.

  • Regex too narrow for Flatpak: The pattern [A-Za-z0-9-] omits underscores; Flatpak app IDs follow D-Bus naming conventions that allow underscores (e.g. org.some_project.App), so valid Flatpak IDs will be rejected at runtime.
  • Log line inconsistency: ship logs config.appId (raw) while returning the trimmed appId, so the log can disagree with the actual published ID when surrounding whitespace is present.
  • Test coverage: New tests cover path-traversal and slash-containing IDs; the empty/undefined branch and any underscore-containing Flatpak ID are not exercised.

Confidence Score: 3/5

The validation logic will incorrectly reject legitimate Flatpak app IDs containing underscores, which are allowed by the D-Bus naming convention Flatpak follows.

The regex excludes underscores from every component segment, meaning any real-world Flatpak ID with an underscore (e.g. org.some_project.App) will throw at build or ship time even though it is a well-formed identifier. This affects a supported format in the same target.

The APP_ID_PATTERN constant in packages/targets/desktop-linux/src/index.ts needs the underscore character added to each segment class, and line 66 should switch from config.appId to the validated appId.

Important Files Changed

Filename Overview
packages/targets/desktop-linux/src/index.ts Adds requireAppId with a reverse-DNS regex; the regex excludes underscores (breaking valid Flatpak IDs), and the ship log still references the raw config.appId instead of the validated value.
packages/targets/desktop-linux/src/index.test.ts Imports fakeShipContext and adds two regression tests for invalid appId values; covers path-traversal and slash cases, but misses the empty/undefined branch and underscore-containing Flatpak ID cases.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[build / ship called] --> B[requireAppId]
    B --> C{appId present?}
    C -- No --> D[throw: desktop-linux requires appId]
    C -- Yes --> E{matches APP_ID_PATTERN?}
    E -- No --> F[throw: must be a valid reverse-DNS identifier]
    E -- Yes --> G[return trimmed appId]
    G --> H{build or ship?}
    H -- build --> I[write linux-package-plan.json using validated appId]
    H -- ship --> J[log uses raw config.appId ⚠️ / return id uses validated appId]
    I --> K[return artifact path]
    J --> L[return id: appId@version]
Loading

Comments Outside Diff (1)

  1. packages/targets/desktop-linux/src/index.ts, line 66 (link)

    P2 Log uses raw config.appId instead of validated appId

    requireAppId trims the input and returns the sanitized value into appId, but the log call still interpolates config.appId. If a caller passes an ID with surrounding whitespace (e.g. " com.acme.app "), the trim removes the whitespace before regex validation, the call succeeds, the return ID is com.acme.app@version — but the log line emits com.acme.app @version, making the log inconsistent with the actual published ID.

Reviews (1): Last reviewed commit: "Validate Linux app identifiers" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread packages/targets/desktop-linux/src/index.ts
direct?: { host: 'github-releases' | 'cdn'; project?: string };
}

const APP_ID_PATTERN = /^[A-Za-z][A-Za-z0-9-]*(\.[A-Za-z][A-Za-z0-9-]*)+$/;
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 The regex character class [A-Za-z0-9-] excludes underscores. Flatpak application IDs follow the D-Bus naming convention, which explicitly permits underscores in each segment (e.g. org.some_project.App). Without underscore support, valid Flatpak IDs will be wrongly rejected by this validator.

Suggested change
const APP_ID_PATTERN = /^[A-Za-z][A-Za-z0-9-]*(\.[A-Za-z][A-Za-z0-9-]*)+$/;
const APP_ID_PATTERN = /^[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z][A-Za-z0-9_-]*)+$/;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

desktop-linux accepts invalid app identifiers

1 participant

@jsdavid278-cyber