Summary
FileDropDatabase validates that the target directory only contains files with the correct extension before deletion, which is good. However, it compares extensions using string.Compare with the raw extension including the dot from Path.GetExtension() vs the provider extension which may not include the dot, potentially bypassing the safety check.
Location
src/Data.Common/FileStatements/FileDropDatabase.cs:49 — Extension comparison
Details
Path.GetExtension() returns .csv (with dot), but providerFileExtension (from FileExtension property) may be csv (without dot). If they don't match format, the safety check always fails, preventing legitimate DROP DATABASE, or always passes, allowing deletion of folders with non-matching files.
Suggested Fix
Normalize both extensions before comparison:
var normalizedExt = providerFileExtension.StartsWith(".") ? providerFileExtension : "." + providerFileExtension;
if (filesInFolder.Any(f => string.Compare(Path.GetExtension(f), normalizedExt, true) != 0))
Summary
FileDropDatabasevalidates that the target directory only contains files with the correct extension before deletion, which is good. However, it compares extensions usingstring.Comparewith the raw extension including the dot fromPath.GetExtension()vs the provider extension which may not include the dot, potentially bypassing the safety check.Location
src/Data.Common/FileStatements/FileDropDatabase.cs:49— Extension comparisonDetails
Path.GetExtension()returns.csv(with dot), butproviderFileExtension(fromFileExtensionproperty) may becsv(without dot). If they don't match format, the safety check always fails, preventing legitimate DROP DATABASE, or always passes, allowing deletion of folders with non-matching files.Suggested Fix
Normalize both extensions before comparison: