From 168f7c2a6f650be3fcb7d72abc9921e3c40e1ee1 Mon Sep 17 00:00:00 2001
From: Valery Bugakov
Date: Fri, 10 Jan 2020 17:17:17 +0530
Subject: [PATCH 1/6] Fixed bin regex
---
 .../dangerous bin name/actual.json | 16 +++++++++-------
 .../dangerous bin name/expected.json | 9 ++++++---
 src/util/normalize-manifest/fix.js | 2 +-
 3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json b/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
index d70ea69e80..78851e2c1d 100644
--- a/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
+++ b/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
@@ -1,9 +1,11 @@
 {
- "name": "foo",
- "version": "",
- "bin": {
- "/tmp/foo": "main.js",
- "../tmp/foo": "main.js",
- "tmp/../../foo": "main.js"
- }
+ "name": "foo",
+ "version": "",
+ "bin": {
+ "/tmp/foo": "main.js",
+ "../tmp/foo": "main.js",
+ "tmp/../../foo": "main.js",
+ "build.cli": "main.js",
+ "build:cli": "main.js"
+ }
 }
diff --git a/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json b/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json
index 80ce110c76..e803887fd8 100644
--- a/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json
+++ b/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json
@@ -1,5 +1,8 @@
 {
- "name": "foo",
- "version": "",
- "bin": {}
+ "name": "foo",
+ "version": "",
+ "bin": {
+ "build.cli": "main.js",
+ "build:cli": "main.js"
+ }
 }
diff --git a/src/util/normalize-manifest/fix.js b/src/util/normalize-manifest/fix.js
index 7d9796dee3..5aaba8c792 100644
--- a/src/util/normalize-manifest/fix.js
+++ b/src/util/normalize-manifest/fix.js
@@ -12,7 +12,7 @@ const semver = require('semver');
 const path = require('path');
 const url = require('url');
-const VALID_BIN_KEYS = /^[a-z0-9_-]+$/i;
+const VALID_BIN_KEYS = /^[a-z0-9_.:-]+$/i;
 const LICENSE_RENAMES: {[key: string]: ?string} = {
 'MIT/X11': 'MIT',
From aac347ea2a3c2e53d93271f11c6bbcbbd3b6652d Mon Sep 17 00:00:00 2001
From: Valery Bugakov
Date: Mon, 13 Jan 2020 19:29:02 +0530
Subject: [PATCH 2/6] Removed unsupported by Windows colon from bin regex
---
 src/util/normalize-manifest/fix.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/normalize-manifest/fix.js b/src/util/normalize-manifest/fix.js
index 5aaba8c792..690e67278c 100644
--- a/src/util/normalize-manifest/fix.js
+++ b/src/util/normalize-manifest/fix.js
@@ -12,7 +12,7 @@ const semver = require('semver');
 const path = require('path');
 const url = require('url');
-const VALID_BIN_KEYS = /^[a-z0-9_.:-]+$/i;
+const VALID_BIN_KEYS = /^[a-z0-9._-]+$/i;
 const LICENSE_RENAMES: {[key: string]: ?string} = {
 'MIT/X11': 'MIT',
From 0f6bd0c81bde6b010411e2e46a2ecd2f0142d59b Mon Sep 17 00:00:00 2001
From: Valery Bugakov
Date: Mon, 13 Jan 2020 19:33:06 +0530
Subject: [PATCH 3/6] Updated normalize-manifest tests
---
 __tests__/__snapshots__/normalize-manifest.js.snap | 1 +
 .../normalize-manifest/dangerous bin name/actual.json | 4 ++--
 .../normalize-manifest/dangerous bin name/expected.json | 3 +--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/__tests__/__snapshots__/normalize-manifest.js.snap b/__tests__/__snapshots__/normalize-manifest.js.snap
index eb903b98d4..857efd006d 100644
--- a/__tests__/__snapshots__/normalize-manifest.js.snap
+++ b/__tests__/__snapshots__/normalize-manifest.js.snap
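Review bot: In the PATCH 2/6 hunk of src/util/normalize-manifest/fix.js, dropping `:` covers only one of the Windows file-name restrictions, and the pattern `/^[a-z0-9._-]+$/i` carries no comment saying which platforms it is meant to be safe on. The fixture directory is called "dangerous bin name" and its rejected keys are path-like, so the key presumably ends up as a file name; if so, names ending in a dot and reserved device names such as `nul` or `con` still pass here and are treated specially by Windows. I would add a comment above the constant, e.g. `// Bin keys are used as file names: no path separators, and nothing a supported OS (incl. Windows) rejects or rewrites.`, and decide explicitly whether a trailing dot should be refused, for instance by ending the pattern with `[a-z0-9_-]$`. The same constant is also changed in the PATCH 1/6 and PATCH 4/6 hunks.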
@@ -65,6 +65,7 @@ Array [
 "foo: Invalid bin entry for \\"/tmp/foo\\" (in \\"foo\\").",
 "foo: Invalid bin entry for \\"../tmp/foo\\" (in \\"foo\\").",
 "foo: Invalid bin entry for \\"tmp/../../foo\\" (in \\"foo\\").",
+ "foo: Invalid bin entry for \\"build:cli\\" (in \\"foo\\").",
 "foo: No license field",
 ]
 `;
diff --git a/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json b/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
index 78851e2c1d..5bdadc4b56 100644
--- a/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
+++ b/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
@@ -5,7 +5,7 @@
 "/tmp/foo": "main.js",
 "../tmp/foo": "main.js",
 "tmp/../../foo": "main.js",
- "build.cli": "main.js",
- "build:cli": "main.js"
+ "build:cli": "main.js",
+ "build.cli": "main.js"
 }
 }
diff --git a/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json b/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json
index e803887fd8..b7f6cf75df 100644
--- a/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json
+++ b/__tests__/fixtures/normalize-manifest/dangerous bin name/expected.json
@@ -2,7 +2,6 @@
 "name": "foo",
 "version": "",
 "bin": {
- "build.cli": "main.js",
- "build:cli": "main.js"
+ "build.cli": "main.js"
 }
 }
From 07b0d2c49377778867bf5a4df1233c992fa2c848 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Nison?=
Date: Wed, 22 Jan 2020 03:32:05 -0500
Subject: [PATCH 4/6] Update fix.js
---
 src/util/normalize-manifest/fix.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/normalize-manifest/fix.js b/src/util/normalize-manifest/fix.js
index 690e67278c..ef7b7798d6 100644
--- a/src/util/normalize-manifest/fix.js
+++ b/src/util/normalize-manifest/fix.js
@@ -12,7 +12,7 @@ const semver = require('semver');
 const path = require('path');
 const url = require('url');
-const VALID_BIN_KEYS = /^[a-z0-9._-]+$/i;
+const VALID_BIN_KEYS = /^(?!\.{0,2}$)[a-z0-9._-]+$/i;
 const LICENSE_RENAMES: {[key: string]: ?string} = {
 'MIT/X11': 'MIT',
From 468f2eab59e6bc385e18ed96bed070baabc29049 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Nison?=
Date: Wed, 22 Jan 2020 03:32:57 -0500
Subject: [PATCH 5/6] Update actual.json
---
 .../fixtures/normalize-manifest/dangerous bin name/actual.json | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json b/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
index 5bdadc4b56..2b429e5e9f 100644
--- a/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
+++ b/__tests__/fixtures/normalize-manifest/dangerous bin name/actual.json
@@ -2,6 +2,8 @@
 "name": "foo",
 "version": "",
 "bin": {
+ ".": "main.js",
+ "..": "main.js",
 "/tmp/foo": "main.js",
 "../tmp/foo": "main.js",
 "tmp/../../foo": "main.js",
From 84fc1b51e1d9ce424c495e225a790c2eeaca8627 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Nison?=
Date: Wed, 22 Jan 2020 03:33:24 -0500
Subject: [PATCH 6/6] Update normalize-manifest.js.snap
---
 __tests__/__snapshots__/normalize-manifest.js.snap | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/__tests__/__snapshots__/normalize-manifest.js.snap b/__tests__/__snapshots__/normalize-manifest.js.snap
index 857efd006d..96bece70ad 100644
--- a/__tests__/__snapshots__/normalize-manifest.js.snap
+++ b/__tests__/__snapshots__/normalize-manifest.js.snap
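Review bot: The lookahead added in the PATCH 4/6 hunk, `(?!\.{0,2}$)`, is the only thing keeping `.` and `..` out now that `.` is an allowed character, and nothing on the line says so. The lower bound of zero is redundant because `[a-z0-9._-]+` already rejects the empty string, and names made of three or more dots still pass; whether that matters depends on how the key is joined into a path, which this hunk does not show. I would write the intent down and make the bound match it: `// Reject "." and ".." (directory references) while still allowing dots inside a name` above `const VALID_BIN_KEYS = /^(?!\.+$)[a-z0-9._-]+$/i;`.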
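Review bot: The two entries added in the PATCH 5/6 hunk of actual.json pin only the names the new lookahead rejects outright. Nothing in the fixture exercises a name that sits next to that boundary, such as a leading-dot name or a dots-only name longer than `..`, so a later edit to the pattern could change those cases without failing a test. I would add entries like `".hidden": "main.js"` and `"...": "main.js"` and record the intended outcome for each in expected.json and the snapshot.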
@@ -62,6 +62,8 @@ Array [
 exports[`dangerous bin name: dangerous bin name 1`] = `
 Array [
+ "foo: Invalid bin entry for \\".\\" (in \\"foo\\").",
+ "foo: Invalid bin entry for \\"..\\" (in \\"foo\\").",
 "foo: Invalid bin entry for \\"/tmp/foo\\" (in \\"foo\\").",
 "foo: Invalid bin entry for \\"../tmp/foo\\" (in \\"foo\\").",
 "foo: Invalid bin entry for \\"tmp/../../foo\\" (in \\"foo\\").",