| 1 | const normalize = require('../')
|
|---|
| 2 | const t = require('tap')
|
|---|
| 3 |
|
|---|
| 4 | t.test('benign string', async t => {
|
|---|
| 5 | const pkg = { name: 'hello', version: 'world', bin: 'hello.js' }
|
|---|
| 6 | const expect = { name: 'hello', version: 'world', bin: { hello: 'hello.js' } }
|
|---|
| 7 | t.strictSame(normalize(pkg), expect)
|
|---|
| 8 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 9 | })
|
|---|
| 10 |
|
|---|
| 11 | t.test('slashy string', async t => {
|
|---|
| 12 | const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd' }
|
|---|
| 13 | const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } }
|
|---|
| 14 | t.strictSame(normalize(pkg), expect)
|
|---|
| 15 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 16 | })
|
|---|
| 17 |
|
|---|
| 18 | t.test('dotty string', async t => {
|
|---|
| 19 | const pkg = { name: 'hello', version: 'world', bin: '../../../../etc/passwd' }
|
|---|
| 20 | const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } }
|
|---|
| 21 | t.strictSame(normalize(pkg), expect)
|
|---|
| 22 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 23 | })
|
|---|
| 24 |
|
|---|
| 25 | t.test('double path', async t => {
|
|---|
| 26 | const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd:/bin/usr/exec' }
|
|---|
| 27 | const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd:/bin/usr/exec' } }
|
|---|
| 28 | t.strictSame(normalize(pkg), expect)
|
|---|
| 29 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 30 | })
|
|---|
| 31 |
|
|---|
| 32 | t.test('string with no name', async t => {
|
|---|
| 33 | const pkg = { bin: 'foobar.js' }
|
|---|
| 34 | const expect = {}
|
|---|
| 35 | t.strictSame(normalize(pkg), expect)
|
|---|
| 36 | t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
|
|---|
| 37 | })
|
|---|
