fix(scripts): improve regex validation for email-config script
This commit is contained in:
Phil Booth
Родитель
807e4ac75c
Коммит
14694e441e
|
|
@ -11,6 +11,7 @@ const config = require(`${ROOT_DIR}/config`).getProperties()
|
|||
const log = require(`${ROOT_DIR}/test/mocks`).mockLog()
|
||||
const Promise = require(`${LIB_DIR}/promise`)
|
||||
const redis = require(`${LIB_DIR}/redis`)({ ...config.redis, ...config.redis.email }, log)
|
||||
const safeRegex = require('safe-regex')
|
||||
|
||||
if (! redis) {
|
||||
console.error('Redis is disabled in config, aborting')
|
||||
|
|
@ -30,7 +31,9 @@ const KEYS = {
|
|||
const VALID_SERVICES = new Set([ 'sendgrid', 'ses', 'socketlabs' ])
|
||||
const VALID_PROPERTIES = new Map([
|
||||
[ 'percentage', value => value >= 0 && value <= 100 ],
|
||||
[ 'regex', value => value && typeof value === 'string' ]
|
||||
[ 'regex', value =>
|
||||
value && typeof value === 'string' && value.indexOf('"') === -1 && safeRegex(value)
|
||||
]
|
||||
])
|
||||
|
||||
const { argv } = process
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ describe('scripts/email-config:', () => {
|
|||
})
|
||||
|
||||
it('write does not fail', () => {
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":1,"regex":".*"}}\' | node scripts/email-config write', { cwd })
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":100,"regex":".*"}}\' | node scripts/email-config write', { cwd })
|
||||
})
|
||||
|
||||
it('write fails if stdin is not valid JSON', () => {
|
||||
|
|
@ -86,7 +86,12 @@ describe('scripts/email-config:', () => {
|
|||
})
|
||||
|
||||
it('write fails if percentage is greater than 100', () => {
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":101,"regex":".*"}}\' | node scripts/email-config write', { cwd })
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":100.1,"regex":".*"}}\' | node scripts/email-config write', { cwd })
|
||||
.then(() => assert(false, 'script should have failed'), () => {})
|
||||
})
|
||||
|
||||
it('write fails if percentage is less than 0', () => {
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":-0.1,"regex":".*"}}\' | node scripts/email-config write', { cwd })
|
||||
.then(() => assert(false, 'script should have failed'), () => {})
|
||||
})
|
||||
|
||||
|
|
@ -95,6 +100,16 @@ describe('scripts/email-config:', () => {
|
|||
.then(() => assert(false, 'script should have failed'), () => {})
|
||||
})
|
||||
|
||||
it('write fails if regex contains quote character', () => {
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":1,"regex":".*\\""}}\' | node scripts/email-config write', { cwd })
|
||||
.then(() => assert(false, 'script should have failed'), () => {})
|
||||
})
|
||||
|
||||
it('write fails if regex is unsafe', () => {
|
||||
return cp.execAsync('echo \'{"sendgrid":{"percentage":1,"regex":"(.*)*"}}\' | node scripts/email-config write', { cwd })
|
||||
.then(() => assert(false, 'script should have failed'), () => {})
|
||||
})
|
||||
|
||||
it('write does not fail if percentage is missing', () => {
|
||||
return cp.execAsync('echo \'{"sendgrid":{"regex":".*"}}\' | node scripts/email-config write', { cwd })
|
||||
})
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче