From 044be7ad41a871c242dcab2c2f8045004986ee96 Mon Sep 17 00:00:00 2001
From: Brent Hagen <brent.hagen@opentrons.com>
Date: Wed, 1 May 2024 15:28:35 -0400
Subject: [PATCH] fix(api-client): sanitize file name thoroughly (#15062)

more thoroughly remove all spaces and special characters from splash file name

closes RQA-2668
---
 api-client/src/system/__tests__/utils.test.ts | 20 +++++++++++++++++++
 api-client/src/system/createSplash.ts         |  6 ++++--
 api-client/src/system/index.ts                |  1 +
 api-client/src/system/utils.ts                |  3 +++
 4 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 api-client/src/system/__tests__/utils.test.ts
 create mode 100644 api-client/src/system/utils.ts

diff --git a/api-client/src/system/__tests__/utils.test.ts b/api-client/src/system/__tests__/utils.test.ts
new file mode 100644
index 00000000000..3121c061a59
--- /dev/null
+++ b/api-client/src/system/__tests__/utils.test.ts
@@ -0,0 +1,20 @@
+import { describe, expect, it } from 'vitest'
+import { sanitizeFileName } from '../utils'
+
+describe('sanitizeFileName', () => {
+  it('returns original alphanumeric file name', () => {
+    expect(sanitizeFileName('an0ther_otie_logo.png')).toEqual(
+      'an0ther_otie_logo.png'
+    )
+  })
+
+  it('sanitizes a file name', () => {
+    expect(
+      sanitizeFileName(
+        `otie's birthday/party - (& the bouncy castle cost ~$100,000).jpeg`
+      )
+    ).toEqual(
+      'otie_s_birthday_party_-____the_bouncy_castle_cost___100_000_.jpeg'
+    )
+  })
+})
diff --git a/api-client/src/system/createSplash.ts b/api-client/src/system/createSplash.ts
index fd0b11bd575..abaa280b226 100644
--- a/api-client/src/system/createSplash.ts
+++ b/api-client/src/system/createSplash.ts
@@ -1,4 +1,5 @@
 import { POST, request } from '../request'
+import { sanitizeFileName } from './utils'
 import type { ResponsePromise } from '../request'
 import type { HostConfig } from '../types'
 
@@ -6,8 +7,9 @@ export function createSplash(
   config: HostConfig,
   file: File
 ): ResponsePromise<void> {
-  // sanitize file name to ensure no spaces
-  const renamedFile = new File([file], file.name.replace(' ', '_'), {
+  // sanitize file name to ensure no spaces or special characters
+  const newFileName = sanitizeFileName(file.name)
+  const renamedFile = new File([file], newFileName, {
     type: 'image/png',
   })
 
diff --git a/api-client/src/system/index.ts b/api-client/src/system/index.ts
index 3c63202c31f..4dc86594d2c 100644
--- a/api-client/src/system/index.ts
+++ b/api-client/src/system/index.ts
@@ -3,3 +3,4 @@ export { createRegistration } from './createRegistration'
 export { createSplash } from './createSplash'
 export { getConnections } from './getConnections'
 export * from './types'
+export * from './utils'
diff --git a/api-client/src/system/utils.ts b/api-client/src/system/utils.ts
new file mode 100644
index 00000000000..cc0eea11130
--- /dev/null
+++ b/api-client/src/system/utils.ts
@@ -0,0 +1,3 @@
+export function sanitizeFileName(fileName: string): string {
+  return fileName.replace(/[^a-zA-Z0-9-.]/gi, '_')
+}