Skip to content

Commit

Permalink
lib: fix regular expression to detect / and \
Browse files Browse the repository at this point in the history
PR-URL: nodejs#40325
Fixes: nodejs#40305
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Zeyu Yang <himself65@outlook.com>
  • Loading branch information
fasttime authored and aduh95 committed Oct 22, 2021
1 parent ec3bd72 commit d134dd4
Show file tree
Hide file tree
Showing 7 changed files with 19 additions and 5 deletions.
2 changes: 1 addition & 1 deletion lib/internal/modules/esm/resolve.js
Original file line number Diff line number Diff line change
Expand Up @@ -278,7 +278,7 @@ function resolveDirectoryEntry(search) {
return resolveExtensions(new URL('index', search));
}

const encodedSepRegEx = /%2F|%2C/i;
const encodedSepRegEx = /%2F|%5C/i;
function finalizeResolution(resolved, base) {
if (RegExpPrototypeTest(encodedSepRegEx, resolved.pathname))
throw new ERR_INVALID_MODULE_SPECIFIER(
Expand Down
3 changes: 3 additions & 0 deletions test/es-module/test-esm-encoded-path.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,8 @@ import '../common/index.mjs';
import assert from 'assert';
// ./test-esm-ok.mjs
import ok from '../fixtures/es-modules/test-%65%73%6d-ok.mjs';
// ./test-esm-comma,.mjs
import comma from '../fixtures/es-modules/test-esm-comma%2c.mjs';

assert(ok);
assert(comma);
5 changes: 4 additions & 1 deletion test/es-module/test-esm-exports.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -176,10 +176,13 @@ import fromInside from '../fixtures/node_modules/pkgexports/lib/hole.js';
}));
}

// The use of %2F escapes in paths fails loading
// The use of %2F and %5C escapes in paths fails loading
loadFixture('pkgexports/sub/..%2F..%2Fbar.js').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));
loadFixture('pkgexports/sub/..%5C..%5Cbar.js').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));

// Package export with numeric index properties must throw a validation error
loadFixture('pkgexports-numeric').catch(mustCall((err) => {
Expand Down
6 changes: 4 additions & 2 deletions test/es-module/test-esm-imports.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -55,13 +55,15 @@ const { requireImport, importImport } = importer;
// Backtracking below the package base
['#subpath/sub/../../../belowbase', 'request is not a valid subpath'],
// Percent-encoded slash errors
['#external/subpath/x%2Fy', 'must not include encoded "/"'],
['#external/subpath/x%2Fy', 'must not include encoded "/" or "\\"'],
['#external/subpath/x%5Cy', 'must not include encoded "/" or "\\"'],
// Target must have a name
['#', '#'],
// Initial slash target must have a leading name
['#/initialslash', '#/initialslash'],
// Percent-encoded target paths
['#percent', 'must not include encoded "/"'],
['#encodedslash', 'must not include encoded "/" or "\\"'],
['#encodedbackslash', 'must not include encoded "/" or "\\"'],
]);

for (const [specifier, expected] of invalidImportSpecifiers) {
Expand Down
4 changes: 4 additions & 0 deletions test/es-module/test-esm-pkgname.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ importFixture('as%2Ff').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));

importFixture('as%5Cf').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));

importFixture('as\\df').catch(mustCall((err) => {
strictEqual(err.code, 'ERR_INVALID_MODULE_SPECIFIER');
}));
Expand Down
3 changes: 2 additions & 1 deletion test/fixtures/es-modules/pkgimports/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
"#": "./test.js",
"#/initialslash": "./test.js",
"#notfound": "./notfound.js",
"#percent": "./..%2F/x.js"
"#encodedslash": "./..%2F/x.js",
"#encodedbackslash": "./..%5C/x.js"
}
}
1 change: 1 addition & 0 deletions test/fixtures/es-modules/test-esm-comma,.mjs
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
export default ',';

0 comments on commit d134dd4

Please sign in to comment.