| [6a3a178] | 1 | const normalize = require('../')
|
|---|
| 2 | const t = require('tap')
|
|---|
| 3 |
|
|---|
| 4 | t.test('benign array', async t => {
|
|---|
| 5 | const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'y/z', './a'] }
|
|---|
| 6 | const expect = { name: 'hello', version: 'world', bin: {
|
|---|
| 7 | y: 'x/y',
|
|---|
| 8 | z: 'y/z',
|
|---|
| 9 | a: 'a',
|
|---|
| 10 | } }
|
|---|
| 11 | t.strictSame(normalize(pkg), expect)
|
|---|
| 12 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 13 | })
|
|---|
| 14 |
|
|---|
| 15 | t.test('conflicting array', async t => {
|
|---|
| 16 | const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'z/y', './a'] }
|
|---|
| 17 | const expect = { name: 'hello', version: 'world', bin: {
|
|---|
| 18 | y: 'z/y',
|
|---|
| 19 | a: 'a',
|
|---|
| 20 | } }
|
|---|
| 21 | t.strictSame(normalize(pkg), expect)
|
|---|
| 22 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 23 | })
|
|---|
| 24 |
|
|---|
| 25 | t.test('slashy array', async t => {
|
|---|
| 26 | const pkg = { name: 'hello', version: 'world', bin: [ '/etc/passwd' ] }
|
|---|
| 27 | const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } }
|
|---|
| 28 | t.strictSame(normalize(pkg), expect)
|
|---|
| 29 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 30 | })
|
|---|
| 31 |
|
|---|
| 32 | t.test('dotty array', async t => {
|
|---|
| 33 | const pkg = { name: 'hello', version: 'world', bin: ['../../../../etc/passwd'] }
|
|---|
| 34 | const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } }
|
|---|
| 35 | t.strictSame(normalize(pkg), expect)
|
|---|
| 36 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 37 | })
|
|---|
