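// Extensions treated as definitely executable. The list comes from the upstream TW list in
// tw-security-manager-modal, but here it is used the other way round: a download whose
// extension is NOT in this list skips the prompt.
// Technically that is a security risk, but having a constant prompt for downloading innocent
// files like save data would be annoying.
//
// Common unsafe files will likely have an OS prompt, and uncommon unsafe files are likely from
// other software that the user installed, and is aware of what that software will do with said file.
//
// NOTE(review): because unlisted extensions skip the prompt, this list fails open. Whether the
// OS prompt mentioned above actually appears presumably depends on the platform and on how the
// file is written to disk -- confirm before relying on it as the second line of defence.
//
// Rules for entries:
//  - Lowercase, without the leading period.
//  - The user still has the final choice of whether or not to open the downloaded file.
//  - A file extension missing from this list is a bug we want to fix, but not a security bug
//    that would be eligible for a vulnerability badge.
//  - Anything added here should also be added to the upstream TW list if it's missing there.
const DEFINITELY_EXECUTABLE = [
    // Windows executable formats
    'exe', 'msi', 'msix', 'msixbundle', 'com',
    'scf', 'scr', 'sct', 'dll',
    'appx', 'appxbundle', 'reg', 'iso', 'drv', 'sys',
    // Added in review: Control Panel items, legacy program shortcuts, MMC consoles and
    // installer patches are also opened by a double click. Mirror these upstream.
    'cpl', 'pif', 'msc', 'msp',

    // Mac executable formats
    'app', 'dmg', 'pkg',
    // Added in review: Terminal shell script bundles.
    'command',

    // Unix executable formats
    'so', 'a', 'run', 'appimage',
    'deb', 'rpm', 'snap', 'flatpakref',
    // Added in review: freedesktop launcher files carry an Exec= command line.
    'desktop',

    // Cross-platform executable formats
    'jar',

    // Browser extensions
    'crx', 'xpi',

    // Shortcuts
    'url', 'webloc', 'inetloc', 'lnk', 'shortcut',

    // Windows scripting languages
    'bat', 'cmd', 'ps1', 'psm1', 'asp',
    'vbs', 'vbe', 'ws', 'wsf', 'wsc', 'ahk',
    // Added in review: HTML Applications, encoded JScript and Windows Script Host settings files.
    'hta', 'jse', 'wsh',

    // Microsoft Office macros
    'docm', 'dotm',
    'xlm', 'xlsm', 'xltm', 'xla', 'xlam',
    'pptm', 'potm', 'ppsm', 'sldm',

    // Unix scripting languages
    'sh',

    // Common cross-platform languages with interpreters that could be executed by double
    // clicking on the file
    'js', 'py'
];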
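/**
 * Decide whether a file name ends in an extension from DEFINITELY_EXECUTABLE.
 *
 * Only the text after the last period is considered, compared case-insensitively. Trailing
 * periods and spaces are ignored first: Windows drops them when the file is created, so a name
 * such as "setup.exe." or "setup.exe " ends up on disk as "setup.exe" and must be classified
 * the same way.
 *
 * NOTE(review): the check is only meaningful when `name` is the name the file will finally be
 * saved under -- confirm that callers do not rename or re-derive it afterwards.
 *
 * @param {string} name Name of file
 * @returns {boolean} True indicates definitely dangerous. False does not mean safe.
 */
const isDefinitelyExecutable = name => {
    // Walk back over trailing '.' and ' ' with a plain loop; a regex anchored at the end would
    // do the same job but can backtrack badly on long runs of dots.
    let end = name.length;
    while (end > 0 && (name[end - 1] === '.' || name[end - 1] === ' ')) {
        end--;
    }
    const effectiveName = name.slice(0, end);

    // A name without any period has no extension and is never matched, even if the whole name
    // happens to equal a listed extension.
    const lastDot = effectiveName.lastIndexOf('.');
    if (lastDot === -1) {
        return false;
    }

    const extension = effectiveName.slice(lastDot + 1).toLowerCase();
    return DEFINITELY_EXECUTABLE.includes(extension);
};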
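// Public surface of this module: the raw extension list and the predicate built on it.
export {
    DEFINITELY_EXECUTABLE,
    isDefinitelyExecutable
};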