Validate SQLite filename in databaseExists

Add validation so that a malicious tenant DB name can't be used to detect if a file exists.

src/Database/TenantDatabaseManagers/SQLiteDatabaseManager.php

@@ -128,7 +128,13 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
 
     public function databaseExists(string $name): bool
     {
-        return $this->isInMemory($name) || file_exists($this->getPath($name));
+        if ($this->isInMemory($name)) {
+            return true;
+        }
+
+        $this->validateParameter($name);
+
+        return file_exists($this->getPath($name));
     }
 
     public function makeConnectionConfig(array $baseConfig, string $databaseName): array

tests/TenantDatabaseManagerTest.php

@@ -623,6 +623,16 @@ test('database managers validate parameters that cannot be bound', function ($dr
     expect(fn () => $manager->deleteDatabase($validTenant))->not()->toThrow(InvalidArgumentException::class);
 })->with('database_managers');
 
+test('sqlite database manager validates the name in databaseExists', function () {
+    $manager = app(SQLiteDatabaseManager::class);
+
+    expect(fn () => $manager->databaseExists("../invalid-db-name.sqlite"))
+        ->toThrow(InvalidArgumentException::class);
+
+    expect(fn () => $manager->databaseExists('valid-db_name.sqlite'))
+        ->not()->toThrow(InvalidArgumentException::class);
+});
+
 // Datasets
 dataset('database_managers', [
     ['mysql', MySQLDatabaseManager::class],