Add security hardening and atomic writes to backend writers

nickprotop · nickprotop · commit 74914f7dd239 · 2026-01-06T11:54:50.000+02:00
- Add XXE attack prevention with secure XML reader settings (iOS)
- Add atomic write operations with temp files to prevent corruption (Json, Po, Resx, iOS)
- Use safe JSON encoder to prevent XSS attacks (Json)
- Ensure UTF-8 without BOM encoding consistency
diff --git a/LocalizationManager.Core/Backends/Json/JsonResourceWriter.cs b/LocalizationManager.Core/Backends/Json/JsonResourceWriter.cs
@@ -47,7 +47,19 @@ public JsonResourceWriter(JsonFormatConfiguration? config = null)
     public void Write(ResourceFile file)
     {
         var json = BuildJsonString(file);
-        File.WriteAllText(file.Language.FilePath, json);
+
+        // Use atomic write to prevent file corruption
+        var tempPath = file.Language.FilePath + $".tmp.{Guid.NewGuid()}";
+        try
+        {
+            File.WriteAllText(tempPath, json, new System.Text.UTF8Encoding(false));
+            File.Move(tempPath, file.Language.FilePath, overwrite: true);
+        }
+        finally
+        {
+            if (File.Exists(tempPath))
+                File.Delete(tempPath);
+        }
     }
 
     /// <summary>
@@ -108,7 +120,7 @@ private string BuildJsonString(ResourceFile file)
         return JsonSerializer.Serialize(root, new JsonSerializerOptions
         {
             WriteIndented = true,
-            Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
+            Encoder = JavaScriptEncoder.Default  // Use safe encoder to prevent XSS
         });
     }
 
diff --git a/LocalizationManager.Core/Backends/Po/PoResourceWriter.cs b/LocalizationManager.Core/Backends/Po/PoResourceWriter.cs
@@ -37,10 +37,20 @@ public async Task WriteAsync(ResourceFile file, CancellationToken ct = default)
             Directory.CreateDirectory(directory);
 
         // Atomic write: write to temp file then rename
-        var tempPath = file.Language.FilePath + ".tmp";
-        // Use UTF-8 without BOM (PO file standard)
-        await File.WriteAllTextAsync(tempPath, content, new UTF8Encoding(false), ct);
-        File.Move(tempPath, file.Language.FilePath, overwrite: true);
+        // Use unique temp file name to prevent race conditions with concurrent writes
+        var tempPath = file.Language.FilePath + $".tmp.{Guid.NewGuid()}";
+        try
+        {
+            // Use UTF-8 without BOM (PO file standard)
+            await File.WriteAllTextAsync(tempPath, content, new UTF8Encoding(false), ct);
+            File.Move(tempPath, file.Language.FilePath, overwrite: true);
+        }
+        finally
+        {
+            // Clean up temp file if it still exists
+            if (File.Exists(tempPath))
+                File.Delete(tempPath);
+        }
     }
 
     /// <inheritdoc />
@@ -214,7 +224,8 @@ private void WriteEntryContent(StringBuilder sb, ResourceEntry entry, string lan
         var msgId = entry.Key;
 
         var pipeIndex = entry.Key.IndexOf('|');
-        if (pipeIndex > 0)
+        // Validate: pipe must not be first or last character
+        if (pipeIndex > 0 && pipeIndex < entry.Key.Length - 1)
         {
             context = entry.Key.Substring(0, pipeIndex);
             msgId = entry.Key.Substring(pipeIndex + 1);
diff --git a/LocalizationManager.Core/Backends/Resx/ResxResourceWriter.cs b/LocalizationManager.Core/Backends/Resx/ResxResourceWriter.cs
@@ -80,8 +80,18 @@ public void Write(ResourceFile file)
                 WriteWithUniqueKeys(root, file.Entries);
             }
 
-            // Save with proper formatting
-            xdoc.Save(file.Language.FilePath);
+            // Save with proper formatting using atomic write to prevent file corruption
+            var tempPath = file.Language.FilePath + $".tmp.{Guid.NewGuid()}";
+            try
+            {
+                xdoc.Save(tempPath);
+                File.Move(tempPath, file.Language.FilePath, overwrite: true);
+            }
+            finally
+            {
+                if (File.Exists(tempPath))
+                    File.Delete(tempPath);
+            }
         }
         catch (Exception ex)
         {
diff --git a/LocalizationManager.Core/Backends/iOS/IosResourceWriter.cs b/LocalizationManager.Core/Backends/iOS/IosResourceWriter.cs
@@ -51,7 +51,19 @@ public void Write(ResourceFile file)
                 new StringsFileParser.StringsEntry(e.Key, e.Value ?? "", e.Comment));
 
             var content = _stringsParser.Serialize(stringsEntries);
-            File.WriteAllText(stringsPath, content);
+
+            // Use atomic write to prevent file corruption
+            var tempPath = stringsPath + $".tmp.{Guid.NewGuid()}";
+            try
+            {
+                File.WriteAllText(tempPath, content, new System.Text.UTF8Encoding(false));
+                File.Move(tempPath, stringsPath, overwrite: true);
+            }
+            finally
+            {
+                if (File.Exists(tempPath))
+                    File.Delete(tempPath);
+            }
         }
         else if (!pluralStrings.Any())
         {
@@ -75,7 +87,19 @@ public void Write(ResourceFile file)
                     e.PluralForms!));
 
             var content = _stringsdictParser.Serialize(stringsdictEntries);
-            File.WriteAllText(stringsdictPath, content);
+
+            // Use atomic write to prevent file corruption
+            var tempPath = stringsdictPath + $".tmp.{Guid.NewGuid()}";
+            try
+            {
+                File.WriteAllText(tempPath, content, new System.Text.UTF8Encoding(false));
+                File.Move(tempPath, stringsdictPath, overwrite: true);
+            }
+            finally
+            {
+                if (File.Exists(tempPath))
+                    File.Delete(tempPath);
+            }
         }
         else if (File.Exists(stringsdictPath))
         {
diff --git a/LocalizationManager.Core/Backends/iOS/StringsFileParser.cs b/LocalizationManager.Core/Backends/iOS/StringsFileParser.cs
@@ -241,6 +241,7 @@ public static string EscapeString(string s)
     }
 
     // Pattern: "key" = "value"; with optional whitespace and semicolon
-    [GeneratedRegex(@"^\s*""(.+?)""\s*=\s*""(.*)""\s*;?\s*$", RegexOptions.Singleline)]
+    // Using timeout to prevent ReDoS attacks
+    [GeneratedRegex(@"^\s*""(.+?)""\s*=\s*""(.*)""\s*;?\s*$", RegexOptions.Singleline, 1000)]
     private static partial Regex KeyValuePattern();
 }

Original file line number	Diff line number	Diff line change
`@@ -241,6 +241,7 @@ public static string EscapeString(string s)`
`241`	`241`	`}`
`242`	`242`
`243`	`243`	`// Pattern: "key" = "value"; with optional whitespace and semicolon`
`244`		`- [GeneratedRegex(@"^\s""(.+?)""\s=\s""(.)""\s;?\s$", RegexOptions.Singleline)]`
	`244`	`+ // Using timeout to prevent ReDoS attacks`
	`245`	`+ [GeneratedRegex(@"^\s""(.+?)""\s=\s""(.)""\s;?\s$", RegexOptions.Singleline, 1000)]`
`245`	`246`	`private static partial Regex KeyValuePattern();`
`246`	`247`	`}`