library-mirrors/jquery
1
0
Fork 0
mirror of https://github.com/jquery/jquery.git synced 2024-11-23 02:54:22 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Build: Make middleware-mockserver not crash on reading nonexistent files

Browse Source 
`fs.readFileSync` crashes when a non-existing file is passed to it. Some APIs
of `middleware-mockserver` read a file the path of which depends on query
parameters, making it possible to crash it by providing such a parameter. The
old PHP server doesn't have these issues.

To fix this, wrap all `fs.readFileSync` occurrences with a function that falls
back to the string `"ERROR"`.

Closes gh-5579

(cherry picked from commit d5ebb464de)
This commit is contained in:
Michał Gołębiowski-Owczarek 2024-11-05 22:54:34 +01:00 committed by Michał Gołębiowski-Owczarek
parent 7dad5cb270
commit be4f9eccde
No known key found for this signature in database
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
test/middleware-mockserver.cjs
View File

@ -6,6 +6,19 @@ const getRawBody = require( "raw-body" );
let cspLog = ""; let cspLog = "";
/**
* Like `readFileSync`, but on error returns "ERROR"
* without crashing.
* @param path
*/
function readFileSync( path ) {
try {
return fs.readFileSync( path );
} catch ( _ ) {
return "ERROR";
}
}
/** /**
* Keep in sync with /test/mock.php * Keep in sync with /test/mock.php
*/ */
@ -142,7 +155,7 @@ const mocks = {
}, },
xmlOverJsonp: function( req, resp ) { xmlOverJsonp: function( req, resp ) {
const callback = req.query.callback; const callback = req.query.callback;
const body = fs.readFileSync( `${ __dirname }/data/with_fries.xml` ).toString(); const body = readFileSync( `${ __dirname }/data/with_fries.xml` ).toString();
resp.writeHead( 200 ); resp.writeHead( 200 );
resp.end( `${ cleanCallback( callback ) }(${ JSON.stringify( body ) })\n` ); resp.end( `${ cleanCallback( callback ) }(${ JSON.stringify( body ) })\n` );
}, },
@ -224,8 +237,9 @@ const mocks = {
}, },
testHTML: function( req, resp ) { testHTML: function( req, resp ) {
resp.writeHead( 200, { "Content-Type": "text/html" } ); resp.writeHead( 200, { "Content-Type": "text/html" } );
const body = fs const body = readFileSync(
.readFileSync( `${ __dirname }/data/test.include.html` ) `${ __dirname }/data/test.include.html`
)
.toString() .toString()
.replace( /{{baseURL}}/g, req.query.baseURL ); .replace( /{{baseURL}}/g, req.query.baseURL );
resp.end( body ); resp.end( body );
@ -236,17 +250,19 @@ const mocks = {
"Content-Security-Policy": "default-src 'self'; " + "Content-Security-Policy": "default-src 'self'; " +
"report-uri /test/data/mock.php?action=cspLog" "report-uri /test/data/mock.php?action=cspLog"
} ); } );
const body = fs.readFileSync( `${ __dirname }/data/csp.include.html` ).toString(); const body = readFileSync( `${ __dirname }/data/csp.include.html` ).toString();
resp.end( body ); resp.end( body );
}, },
cspNonce: function( req, resp ) { cspNonce: function( req, resp ) {
const testParam = req.query.test ? `-${ req.query.test }` : ""; const testParam = req.query.test ?
`-${ req.query.test.replace( /[^a-z0-9]/gi, "" ) }` :
"";
resp.writeHead( 200, { resp.writeHead( 200, {
"Content-Type": "text/html", "Content-Type": "text/html",
"Content-Security-Policy": "script-src 'nonce-jquery+hardcoded+nonce'; " + "Content-Security-Policy": "script-src 'nonce-jquery+hardcoded+nonce'; " +
"report-uri /test/data/mock.php?action=cspLog" "report-uri /test/data/mock.php?action=cspLog"
} ); } );
const body = fs.readFileSync( const body = readFileSync(
`${ __dirname }/data/csp-nonce${ testParam }.html` ).toString(); `${ __dirname }/data/csp-nonce${ testParam }.html` ).toString();
resp.end( body ); resp.end( body );
}, },