author | Michał Gołębiowski-Owczarek <m.goleb@gmail.com> | 2024-11-05 22:54:34 +0100 |
---|---|---|
committer | Michał Gołębiowski-Owczarek <m.goleb@gmail.com> | 2024-11-05 22:59:55 +0100 |
commit | be4f9eccde6e911798b732dc9d19d13812e4339b (patch) | |
tree | 4d91d4aafef422e7e711dc98a877dd353ebf2664 | |
parent | 7dad5cb270de5b3fef45bb5c6ccbc4a01928e37d (diff) | |
Build: Make middleware-mockserver not crash on reading nonexistent files
`fs.readFileSync` crashes when a non-existing file is passed to it. Some APIs
of `middleware-mockserver` read a file the path of which depends on query
parameters, making it possible to crash it by providing such a parameter. The
old PHP server doesn't have these issues.
To fix this, wrap all `fs.readFileSync` occurrences with a function that falls
back to the string `"ERROR"`.
Closes gh-5579
(cherry picked from commit d5ebb464debab6ac39fe065e93c8a7ae1de8547e)
-rw-r--r-- | test/middleware-mockserver.cjs | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/test/middleware-mockserver.cjs b/test/middleware-mockserver.cjs
index 55d8b814d..2a0fe19ed 100644
--- a/test/middleware-mockserver.cjs
+++ b/test/middleware-mockserver.cjs
@@ -7,6 +7,19 @@ const getRawBody = require( "raw-body" );
 let cspLog = "";
 
 /**
+ * Like `readFileSync`, but on error returns "ERROR"
+ * without crashing.
+ * @param path
+ */
+function readFileSync( path ) {
+ try {
+ return fs.readFileSync( path );
+ } catch ( _ ) {
+ return "ERROR";
+ }
+}
+
+/**
 * Keep in sync with /test/mock.php
 */
 function cleanCallback( callback ) {
@@ -142,7 +155,7 @@ const mocks = {
 },
 xmlOverJsonp: function( req, resp ) {
 const callback = req.query.callback;
- const body = fs.readFileSync( `${ __dirname }/data/with_fries.xml` ).toString();
+ const body = readFileSync( `${ __dirname }/data/with_fries.xml` ).toString();
 resp.writeHead( 200 );
 resp.end( `${ cleanCallback( callback ) }(${ JSON.stringify( body ) })\n` );
 },
@@ -224,8 +237,9 @@ const mocks = {
 },
 testHTML: function( req, resp ) {
 resp.writeHead( 200, { "Content-Type": "text/html" } );
- const body = fs
- .readFileSync( `${ __dirname }/data/test.include.html` )
+ const body = readFileSync(
+ `${ __dirname }/data/test.include.html`
+ )
 .toString()
 .replace( /{{baseURL}}/g, req.query.baseURL );
 resp.end( body );
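Review bot: The JSDoc on the new `readFileSync` wrapper leaves `@param path` without a type or description and has no `@returns`, although the function yields a `Buffer` on success and the string `"ERROR"` on failure. The call sites visible in this diff only work with both because each one chains `.toString()` on the result, so the mixed return type should be documented: `@param {string} path - file to read` and `@returns {Buffer|string} file contents, or "ERROR" if the read throws`. The comment could also say that the catch covers every failure of `fs.readFileSync` (permissions, a directory path), not only a missing file, so a mistyped fixture path now serves `ERROR` with status 200 instead of failing loudly.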
@@ -236,17 +250,19 @@ const mocks = {
 "Content-Security-Policy": "default-src 'self'; " +
 "report-uri /test/data/mock.php?action=cspLog"
 } );
- const body = fs.readFileSync( `${ __dirname }/data/csp.include.html` ).toString();
+ const body = readFileSync( `${ __dirname }/data/csp.include.html` ).toString();
 resp.end( body );
 },
 cspNonce: function( req, resp ) {
- const testParam = req.query.test ? `-${ req.query.test }` : "";
+ const testParam = req.query.test ?
+ `-${ req.query.test.replace( /[^a-z0-9]/gi, "" ) }` :
+ "";
 resp.writeHead( 200, {
 "Content-Type": "text/html",
 "Content-Security-Policy": "script-src 'nonce-jquery+hardcoded+nonce'; " +
 "report-uri /test/data/mock.php?action=cspLog"
 } );
- const body = fs.readFileSync(
+ const body = readFileSync(
 `${ __dirname }/data/csp-nonce${ testParam }.html` ).toString();
 resp.end( body );
 },
|
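Review bot: In `cspNonce`, the new `req.query.test.replace( /[^a-z0-9]/gi, "" )` assumes the parameter is a string, and that call sits outside the `try`/`catch` of the `readFileSync` wrapper. If the query parser (not visible in this hunk) yields an array for a repeated `test` key, `.replace` is not a function and the handler throws, which is the kind of request-triggered crash this commit sets out to remove. Coercing first keeps the allow-list and closes that gap: `` `-${ String( req.query.test ).replace( /[^a-z0-9]/gi, "" ) }` : ``. A short comment such as `// Only [a-z0-9] may reach the file name, so the path stays inside data/` would also record why the filter exists.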