Generate command should respect file name safety conventions.

[aeonforge]

Command

generate

Is this a regression?

• Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

Long story short is that the Angular CLI generate or g command is capable of doing some illegal and difficult to reverse file operations.

Longer version: I was going to create a component this morning to make building PrimeNG p-tables simpler and more dynamic. At the time I started, what I was thinking of was specific to a set of tables I intended to use in an administrative context, so I navigated to something like /src/modules/sales/costing-tool/components/templates and typed "ng g c admin-table". 

Before I hit enter, I thought about it and decided that rather than creating a module and specific use component that I'd rather make a general use component for generating p-tables dynamically & that it belonged in a shared module rather than a feature module. I thought I'd already deleted the CLI command out of the terminal so without looking I typed cd.. and hit enter. Which was the beginning of a 2+ hour headache that ended up costing me 2 days of work and which potentially could've cost me all the work I've done since May 5. 

So the command I effectively entered was "ng g c admin-tablecd..", and what happened is that the CLI was able to somehow dodge the OS level naming safety conventions & it created a folder named admin-tablecd.., which caused there to be an unresolvable reference in my project structure and made it unloadable and unbuildable. And there was nothing I could do to delete the offending folder. I tried deleting it through the UI, using DOS commands, using WSL commands including rmdir with the -rf flag, nothing would get rid of it, even after a reboot. I had just about resolved myself to having to clone my latest remote to a new local repo which would've set me back to the 5th when I tried rmdir with the "\?\c:\path\to\bad\directory" syntax which finally worked.

I think that optimally the generate command should respect naming safety conventions, or minimally provide a complimentary command to remove generated components.

Minimal Reproduction

Via the CLI, generate a component with a name that ends in a directory traversal operator, i.e. new-componentcd..

Exception or Error

The system cannot find the file or directory specified

Your Environment

Angular:

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.1502.4
@angular-devkit/core         15.2.4
@angular-devkit/schematics   15.2.4
@schematics/angular          15.2.4

Anything else relevant?

Can't think of anything.

[alan-agius4]

From #29275

Hi! Today while developing, I accidentally left a space in a command: ng generate interface interfaces /PostcodeArea. I should have written ng generate interface interfaces/PostcodeArea.

I meant to create an interface in app/src/interfaces/ (an already existing folder), however running this created an interface in a new folder: app/src/interfaces./. Folders ending with a dot cause a lot of issues that are out-of-scope for the Angular CLI, which I will post at their respective software. For example, when trying to delete the folder interfaces. in Visual Studio Code, it actually deletes the non-dotfolder (app/src/interfaces/ without warning!.) Furthermore, Windows explorer is unable to delete the folder from within the GUI, leaving users in trouble.

Like I mentioned, these issues are within Microsoft Windows and Visual Studio Code, however given that dotfolders can cause data loss and other issues, I think it would be nice and appropriate if the Angular CLI would have a catch for this and refuse to execute the command, for example.

For anyone looking for how to delete their folder. after reproduction: this answer on stackoverflow tells you how; by running del "\\?\<absolute path to folder>".