fix: Escape version in NSIS Updater during replace (#5655)

* fix: Escape version in NSIS Updater during replace The updater derives the path to the old blockmap file by using the url of the new blockmap file and changing the version. The code uses a RegEx with the replace function in order to replace all occurrences of the version number. The problem is that the version number is a string like '0.1.9-2+273e2eb' and contains characters like '.' and '+' that get interpreted as regex characters. This fixes that.
electron-userland · Mar 18, 2021 · 77c215d · 77c215d
1 parent c0ae89c
commit 77c215d
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 10 deletions.
diff --git a/packages/electron-updater/package.json b/packages/electron-updater/package.json
@@ -17,12 +17,14 @@
     "fs-extra": "^9.1.0",
     "js-yaml": "^4.0.0",
     "lazy-val": "^1.0.4",
+    "lodash.escaperegexp": "^4.1.2",
     "lodash.isequal": "^4.5.0",
     "semver": "^7.3.4"
   },
   "devDependencies": {
     "@types/fs-extra": "^9.0.7",
     "@types/js-yaml": "^4.0.0",
+    "@types/lodash.escaperegexp": "^4.1.6",
     "@types/lodash.isequal": "^4.5.5"
   },
   "typings": "./out/main.d.ts",

diff --git a/packages/electron-updater/src/NsisUpdater.ts b/packages/electron-updater/src/NsisUpdater.ts
@@ -8,9 +8,9 @@ import { DifferentialDownloaderOptions } from "./differentialDownloader/Differen
 import { FileWithEmbeddedBlockMapDifferentialDownloader } from "./differentialDownloader/FileWithEmbeddedBlockMapDifferentialDownloader"
 import { GenericDifferentialDownloader } from "./differentialDownloader/GenericDifferentialDownloader"
 import { DOWNLOAD_PROGRESS, ResolvedUpdateFileInfo } from "./main"
+import { blockmapFiles } from "./util"
 import { findFile, Provider } from "./providers/Provider"
 import { unlink } from "fs-extra"
-import { newUrlFromBase } from "./util"
 import { verifySignature } from "./windowsExecutableCodeSignatureVerifier"
 import { URL } from "url"
 import { gunzipSync } from "zlib"
@@ -138,13 +138,8 @@ export class NsisUpdater extends BaseUpdater {
       if (this._testOnlyOptions != null && !this._testOnlyOptions.isUseDifferentialDownload) {
         return true
       }
-
-      const newBlockMapUrl = newUrlFromBase(`${fileInfo.url.pathname}.blockmap`, fileInfo.url)
-      const oldBlockMapUrl = newUrlFromBase(
-        `${fileInfo.url.pathname.replace(new RegExp(downloadUpdateOptions.updateInfoAndProvider.info.version, "g"), this.app.version)}.blockmap`,
-        fileInfo.url
-      )
-      this._logger.info(`Download block maps (old: "${oldBlockMapUrl.href}", new: ${newBlockMapUrl.href})`)
+      const blockmapFileUrls = blockmapFiles(fileInfo.url, downloadUpdateOptions.updateInfoAndProvider.info.version, this.app.version)
+      this._logger.info(`Download block maps (old: "${blockmapFileUrls[0]}", new: ${blockmapFileUrls[1]})`)
 
       const downloadBlockMap = async (url: URL): Promise<BlockMap> => {
         const data = await this.httpExecutor.downloadToBuffer(url, {
@@ -177,7 +172,7 @@ export class NsisUpdater extends BaseUpdater {
         downloadOptions.onProgress = it => this.emit(DOWNLOAD_PROGRESS, it)
       }
 
-      const blockMapDataList = await Promise.all([downloadBlockMap(oldBlockMapUrl), downloadBlockMap(newBlockMapUrl)])
+      const blockMapDataList = await Promise.all(blockmapFileUrls.map(u => downloadBlockMap(u)))
       await new GenericDifferentialDownloader(fileInfo.info, this.httpExecutor, downloadOptions).download(blockMapDataList[0], blockMapDataList[1])
       return false
     } catch (e) {

diff --git a/packages/electron-updater/src/util.ts b/packages/electron-updater/src/util.ts
@@ -1,5 +1,7 @@
 // if baseUrl path doesn't ends with /, this path will be not prepended to passed pathname for new URL(input, base)
 import { URL } from "url"
+// @ts-ignore
+import * as escapeRegExp from "lodash.escaperegexp"
 
 /** @internal */
 export function newBaseUrl(url: string): URL {
@@ -27,3 +29,9 @@ export function newUrlFromBase(pathname: string, baseUrl: URL, addRandomQueryToA
 export function getChannelFilename(channel: string): string {
   return `${channel}.yml`
 }
+
+export function blockmapFiles(baseUrl: URL, oldVersion: string, newVersion: string): URL[] {
+  const newBlockMapUrl = newUrlFromBase(`${baseUrl.pathname}.blockmap`, baseUrl)
+  const oldBlockMapUrl = newUrlFromBase(`${baseUrl.pathname.replace(new RegExp(escapeRegExp(newVersion), "g"), oldVersion)}.blockmap`, baseUrl)
+  return [oldBlockMapUrl, newBlockMapUrl]
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/test/src/urlUtilTest.ts b/test/src/urlUtilTest.ts
@@ -1,5 +1,5 @@
 import { URL } from "url"
-import { newUrlFromBase } from "electron-updater/out/util"
+import { newUrlFromBase, blockmapFiles } from "electron-updater/out/util"
 
 test("newUrlFromBase", () => {
   const fileUrl = new URL("https://AWS_S3_HOST/bucket-yashraj/electron%20Setup%2011.0.3.exe")
@@ -12,3 +12,15 @@ test("add no cache", () => {
   const newBlockMapUrl = newUrlFromBase("latest.yml", baseUrl, true)
   expect(newBlockMapUrl.href).toBe("https://gitlab.com/artifacts/master/raw/latest.yml?job=build_electron_win")
 })
+
+test("create blockmap urls", () => {
+  const oldVersion = "1.1.9-2+ed8ccd"
+  const newVersion = "1.1.9-3+be4a1f"
+  const baseUrlString = `https://gitlab.com/artifacts/master/raw/electron%20Setup%20${newVersion}.exe`
+  const baseUrl = new URL(baseUrlString)
+
+  const blockMapUrls = blockmapFiles(baseUrl, oldVersion, newVersion)
+
+  expect(blockMapUrls[0].href).toBe('https://gitlab.com/artifacts/master/raw/electron%20Setup%201.1.9-2+ed8ccd.exe.blockmap');
+  expect(blockMapUrls[1].href).toBe('https://gitlab.com/artifacts/master/raw/electron%20Setup%201.1.9-3+be4a1f.exe.blockmap');
+})