Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd5ebb46

Browse files
authored
Build: Make middleware-mockserver not crash on reading nonexistent files
`fs.readFileSync` crashes when a non-existing file is passed to it. Some APIsof `middleware-mockserver` read a file the path of which depends on queryparameters, making it possible to crash it by providing such a parameter. Theold PHP server doesn't have these issues.To fix this, wrap all `fs.readFileSync` occurrences with a function that fallsback to the string `"ERROR"`.Closesgh-5579
1 parent329661f commitd5ebb46

File tree

1 file changed

+25
-9
lines changed

1 file changed

+25
-9
lines changed

‎test/middleware-mockserver.cjs‎

Lines changed: 25 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,19 @@ const multiparty = require( "multiparty" );
77

88
letcspLog="";
99

10+
/**
11+
* Like `readFileSync`, but on error returns "ERROR"
12+
* without crashing.
13+
*@param path
14+
*/
15+
functionreadFileSync(path){
16+
try{
17+
returnfs.readFileSync(path);
18+
}catch(e){
19+
return"ERROR";
20+
}
21+
}
22+
1023
/**
1124
* Keep in sync with /test/mock.php
1225
*/
@@ -143,7 +156,7 @@ const mocks = {
143156
},
144157
xmlOverJsonp:function(req,resp){
145158
constcallback=req.query.callback;
146-
constbody=fs.readFileSync(`${__dirname}/data/with_fries.xml`).toString();
159+
constbody=readFileSync(`${__dirname}/data/with_fries.xml`).toString();
147160
resp.writeHead(200);
148161
resp.end(`${cleanCallback(callback)}(${JSON.stringify(body)})\n`);
149162
},
@@ -238,8 +251,9 @@ const mocks = {
238251
},
239252
testHTML:function(req,resp){
240253
resp.writeHead(200,{"Content-Type":"text/html"});
241-
constbody=fs
242-
.readFileSync(`${__dirname}/data/test.include.html`)
254+
constbody=readFileSync(
255+
`${__dirname}/data/test.include.html`
256+
)
243257
.toString()
244258
.replace(/{{baseURL}}/g,req.query.baseURL);
245259
resp.end(body);
@@ -250,17 +264,19 @@ const mocks = {
250264
"Content-Security-Policy":"default-src 'self'; require-trusted-types-for 'script'; "+
251265
"report-uri /test/data/mock.php?action=cspLog"
252266
});
253-
constbody=fs.readFileSync(`${__dirname}/data/csp.include.html`).toString();
267+
constbody=readFileSync(`${__dirname}/data/csp.include.html`).toString();
254268
resp.end(body);
255269
},
256270
cspNonce:function(req,resp){
257-
consttestParam=req.query.test ?`-${req.query.test}` :"";
271+
consttestParam=req.query.test ?
272+
`-${req.query.test.replace(/[^a-z0-9]/gi,"")}` :
273+
"";
258274
resp.writeHead(200,{
259275
"Content-Type":"text/html",
260276
"Content-Security-Policy":"script-src 'nonce-jquery+hardcoded+nonce'; "+
261277
"report-uri /test/data/mock.php?action=cspLog"
262278
});
263-
constbody=fs.readFileSync(
279+
constbody=readFileSync(
264280
`${__dirname}/data/csp-nonce${testParam}.html`).toString();
265281
resp.end(body);
266282
},
@@ -270,7 +286,7 @@ const mocks = {
270286
"Content-Security-Policy":"script-src 'self'; "+
271287
"report-uri /test/data/mock.php?action=cspLog"
272288
});
273-
constbody=fs.readFileSync(
289+
constbody=readFileSync(
274290
`${__dirname}/data/csp-ajax-script.html`).toString();
275291
resp.end(body);
276292
},
@@ -290,7 +306,7 @@ const mocks = {
290306
"Content-Security-Policy":"require-trusted-types-for 'script'; "+
291307
"report-uri /test/data/mock.php?action=cspLog"
292308
});
293-
constbody=fs.readFileSync(`${__dirname}/data/trusted-html.html`).toString();
309+
constbody=readFileSync(`${__dirname}/data/trusted-html.html`).toString();
294310
resp.end(body);
295311
},
296312
trustedTypesAttributes:function(_req,resp){
@@ -299,7 +315,7 @@ const mocks = {
299315
"Content-Security-Policy":"require-trusted-types-for 'script'; "+
300316
"report-uri /test/data/mock.php?action=cspLog"
301317
});
302-
constbody=fs.readFileSync(
318+
constbody=readFileSync(
303319
`${__dirname}/data/trusted-types-attributes.html`).toString();
304320
resp.end(body);
305321
},

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp