1 | const normalize = require('../')
|
---|
2 | const t = require('tap')
|
---|
3 |
|
---|
4 | t.test('benign object', async t => {
|
---|
5 | // just clean up the ./ in the targets and remove anything weird
|
---|
6 | const pkg = { name: 'hello', version: 'world', bin: {
|
---|
7 | y: './x/y',
|
---|
8 | z: './y/z',
|
---|
9 | a: './a',
|
---|
10 | } }
|
---|
11 | const expect = { name: 'hello', version: 'world', bin: {
|
---|
12 | y: 'x/y',
|
---|
13 | z: 'y/z',
|
---|
14 | a: 'a',
|
---|
15 | } }
|
---|
16 | t.strictSame(normalize(pkg), expect)
|
---|
17 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
---|
18 | })
|
---|
19 |
|
---|
20 | t.test('empty and non-string targets', async t => {
|
---|
21 | // just clean up the ./ in the targets and remove anything weird
|
---|
22 | const pkg = { name: 'hello', version: 'world', bin: {
|
---|
23 | z: './././',
|
---|
24 | y: '',
|
---|
25 | './x': 'x.js',
|
---|
26 | re: /asdf/,
|
---|
27 | foo: { bar: 'baz' },
|
---|
28 | false: false,
|
---|
29 | null: null,
|
---|
30 | array: [1,2,3],
|
---|
31 | func: function () {},
|
---|
32 | } }
|
---|
33 | const expect = { name: 'hello', version: 'world', bin: {
|
---|
34 | x: 'x.js',
|
---|
35 | } }
|
---|
36 | t.strictSame(normalize(pkg), expect)
|
---|
37 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
---|
38 | })
|
---|
39 |
|
---|
40 | t.test('slashy object', async t => {
|
---|
41 | const pkg = { name: 'hello', version: 'world', bin: {
|
---|
42 | '/path/foo': '/etc/passwd',
|
---|
43 | 'bar': '/etc/passwd',
|
---|
44 | '/etc/glorb/baz': '/etc/passwd',
|
---|
45 | '/etc/passwd:/bin/usr/exec': '/etc/passwd',
|
---|
46 | } }
|
---|
47 | const expect = {
|
---|
48 | name: 'hello',
|
---|
49 | version: 'world',
|
---|
50 | bin: {
|
---|
51 | foo: 'etc/passwd',
|
---|
52 | bar: 'etc/passwd',
|
---|
53 | baz: 'etc/passwd',
|
---|
54 | exec: 'etc/passwd',
|
---|
55 | }
|
---|
56 | }
|
---|
57 | t.strictSame(normalize(pkg), expect)
|
---|
58 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
---|
59 | })
|
---|
60 |
|
---|
61 | t.test('dotty object', async t => {
|
---|
62 | const pkg = {
|
---|
63 | name: 'hello',
|
---|
64 | version: 'world',
|
---|
65 | bin: {
|
---|
66 | 'nodots': '../../../../etc/passwd',
|
---|
67 | '../../../../../../dots': '../../../../etc/passwd',
|
---|
68 | '.././../\\./..//C:\\./': 'this is removed',
|
---|
69 | '.././../\\./..//C:\\/': 'super safe programming language',
|
---|
70 | '.././../\\./..//C:\\x\\y\\z/': 'xyz',
|
---|
71 | } }
|
---|
72 | const expect = { name: 'hello', version: 'world', bin: {
|
---|
73 | nodots: 'etc/passwd',
|
---|
74 | dots: 'etc/passwd',
|
---|
75 | C: 'super safe programming language',
|
---|
76 | z: 'xyz',
|
---|
77 | } }
|
---|
78 | t.strictSame(normalize(pkg), expect)
|
---|
79 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
---|
80 | })
|
---|
81 |
|
---|
82 | t.test('weird object', async t => {
|
---|
83 | const pkg = { name: 'hello', version: 'world', bin: /asdf/ }
|
---|
84 | const expect = { name: 'hello', version: 'world' }
|
---|
85 | t.strictSame(normalize(pkg), expect)
|
---|
86 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
---|
87 | })
|
---|
88 |
|
---|
89 | t.test('oddball keys', async t => {
|
---|
90 | const pkg = {
|
---|
91 | bin: {
|
---|
92 | '~': 'target',
|
---|
93 | '£': 'target',
|
---|
94 | 'ζ': 'target',
|
---|
95 | 'ぎ': 'target',
|
---|
96 | '操': 'target',
|
---|
97 | '🎱': 'target',
|
---|
98 | '💎': 'target',
|
---|
99 | '💸': 'target',
|
---|
100 | '🦉': 'target',
|
---|
101 | 'сheck-dom': 'target',
|
---|
102 | 'Ωpm': 'target',
|
---|
103 | 'ζλ': 'target',
|
---|
104 | 'мга': 'target',
|
---|
105 | 'пше': 'target',
|
---|
106 | 'тзч': 'target',
|
---|
107 | 'тзь': 'target',
|
---|
108 | 'нфкт': 'target',
|
---|
109 | 'ссср': 'target',
|
---|
110 | '君の名は': 'target',
|
---|
111 | '君の名は': 'target',
|
---|
112 | }
|
---|
113 | }
|
---|
114 |
|
---|
115 | const expect = {
|
---|
116 | bin: {
|
---|
117 | '~': 'target',
|
---|
118 | '£': 'target',
|
---|
119 | 'ζ': 'target',
|
---|
120 | 'ぎ': 'target',
|
---|
121 | '操': 'target',
|
---|
122 | '🎱': 'target',
|
---|
123 | '💎': 'target',
|
---|
124 | '💸': 'target',
|
---|
125 | '🦉': 'target',
|
---|
126 | 'сheck-dom': 'target',
|
---|
127 | 'Ωpm': 'target',
|
---|
128 | 'ζλ': 'target',
|
---|
129 | 'мга': 'target',
|
---|
130 | 'пше': 'target',
|
---|
131 | 'тзч': 'target',
|
---|
132 | 'тзь': 'target',
|
---|
133 | 'нфкт': 'target',
|
---|
134 | 'ссср': 'target',
|
---|
135 | '君の名は': 'target',
|
---|
136 | },
|
---|
137 | }
|
---|
138 |
|
---|
139 | t.strictSame(normalize(pkg), expect)
|
---|
140 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
---|
141 | })
|
---|