Skip to content

Commit 991187e

Browse files
resolving comments
1 parent d94f24f commit 991187e

File tree

2 files changed

+18
-6
lines changed

2 files changed

+18
-6
lines changed

diagnostics/resources/log_collection_script.ps1

Lines changed: 17 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -746,7 +746,7 @@ function Export-EdgeUpdateRegistry {
746746
# Function to get user data folders from WebView2 processes
747747
function Get-WebView2UserDataFolder {
748748
param(
749-
[Parameter(Mandatory=$true)]
749+
[Parameter(Mandatory=$false)]
750750
[string]$ExeName,
751751

752752
[Parameter(Mandatory=$false)]
@@ -757,13 +757,25 @@ function Get-WebView2UserDataFolder {
757757
# Look for Crashpad folder
758758
$crashpadFolder = ""
759759
$folderToCheck = ""
760-
$uniqueUserDataFolders = @()
760+
$foundUserDataFolder = ""
761761

762762
if (-not [string]::IsNullOrWhiteSpace($UserDataDir)) {
763+
# Validate UserDataDir to prevent path traversal
764+
if ($UserDataDir -match '\.\.') {
765+
Write-Host "Error: UserDataDir contains path traversal sequences (..). This is not allowed for security reasons." -ForegroundColor Red
766+
return @{ UserDataFolders = @(); CrashpadFolder = "" }
767+
}
768+
769+
# Check if path is absolute (Windows path or UNC path)
770+
if (-not ([System.IO.Path]::IsPathRooted($UserDataDir))) {
771+
Write-Host "Error: UserDataDir must be an absolute path. Relative paths are not allowed." -ForegroundColor Red
772+
return @{ UserDataFolders = @(); CrashpadFolder = "" }
773+
}
774+
763775
Write-Host "Using provided UserDataDir: $UserDataDir" -ForegroundColor Cyan
764776
$folderToCheck = $UserDataDir
765777
}
766-
else {
778+
elseif (-not [string]::IsNullOrWhiteSpace($ExeName)) {
767779
Write-Host "Searching for msedgewebview2.exe processes with exe name: $ExeName" -ForegroundColor Green
768780

769781
# Get all msedgewebview2.exe processes with their command lines
@@ -788,7 +800,7 @@ function Get-WebView2UserDataFolder {
788800
# Pattern handles: --user-data-dir="path" or --user-data-dir=path
789801
if ($commandLine -match '--user-data-dir=(?:"([^"]+)"|([^\s]+))') {
790802
$folderToCheck = if ($matches[1]) { $matches[1] } else { $matches[2] }
791-
$uniqueUserDataFolders = @($folderToCheck)
803+
$foundUserDataFolder = $folderToCheck
792804
Write-Host "Found user data folder: $folderToCheck" -ForegroundColor Green
793805
break
794806
}
@@ -817,7 +829,7 @@ function Get-WebView2UserDataFolder {
817829
Write-Host "No user data folder available to check for Crashpad" -ForegroundColor Yellow
818830
}
819831

820-
return @{ UserDataFolders = $uniqueUserDataFolders; CrashpadFolder = $crashpadFolder }
832+
return @{ UserDataFolders = @($foundUserDataFolder); CrashpadFolder = $crashpadFolder }
821833
}
822834
catch {
823835
Write-Host "Error getting WebView2 user data folders: $($_.Exception.Message)" -ForegroundColor Red

diagnostics/script.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ The script will collect some registry keys and directory listings, start a WPR t
2727
- msedge_installer_Temp.log (*optional*)
2828
- msedge_installer_SystemTemp.log (*optional*)
2929
- msedge_installer_SystemTemp2.log (*optional*)
30-
- Crashpad folder (*optional*, if ExeName or userDataDir provided): Contains crash dumps and metadata to help diagnose application crashes.
30+
- Crashpad folder (*optional*, if ExeName or UserDataDir provided): Contains crash dumps and metadata to help diagnose application crashes.
3131
7. Provide the resulting ZIP file to the WebView2 support team for analysis.
3232

3333
**Optional**

0 commit comments

Comments
 (0)