chore(store): fix polynominal regex codeql (#4332)

2024-12-16 21:56:25 -05:00 · 2024-01-06 13:25:07 +01:00 · 2024-01-06 13:25:07 +01:00 · e14b064a38
commit e14b064a38
parent 1c5106ec6f
4 changed files with 46 additions and 2 deletions
--- a/.changeset/olive-bananas-wink.md
+++ b/.changeset/olive-bananas-wink.md
@ -0,0 +1,7 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/tarball': patch
+---
+
+- Fixes polynomial regular expression when determining the file name of tarball
+- Add tests for extracting tarball name
--- a/packages/core/tarball/src/index.ts
+++ b/packages/core/tarball/src/index.ts
@ -4,6 +4,6 @@ export {
  convertDistRemoteToLocalTarballUrls,
  convertDistVersionToLocalTarballsUrl,
 } from './convertDistRemoteToLocalTarballUrls';
-export { getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';
+export { extractTarballFromUrl, getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';

 export { RequestOptions };
--- a/packages/core/tarball/tests/getLocalRegistryTarballUri.spec.ts
+++ b/packages/core/tarball/tests/getLocalRegistryTarballUri.spec.ts
@ -0,0 +1,36 @@
+import { extractTarballFromUrl } from '../src';
+
+describe('extractTarballFromUrl', () => {
+  const metadata: any = {
+    name: 'npm_test',
+    versions: {
+      '1.0.0': {
+        dist: {
+          tarball: 'http://registry.org/npm_test/-/npm_test-1.0.0.tgz',
+        },
+      },
+      '1.0.1': {
+        dist: {
+          tarball: 'npm_test-1.0.1.tgz',
+        },
+      },
+      '1.0.2': {
+        dist: {
+          tarball: 'https://localhost/npm_test-1.0.2.tgz',
+        },
+      },
+    },
+  };
+
+  test('should return only name of tarball', () => {
+    expect(extractTarballFromUrl(metadata.versions['1.0.0'].dist.tarball)).toEqual(
+      'npm_test-1.0.0.tgz'
+    );
+    expect(extractTarballFromUrl(metadata.versions['1.0.1'].dist.tarball)).toEqual(
+      'npm_test-1.0.1.tgz'
+    );
+    expect(extractTarballFromUrl(metadata.versions['1.0.2'].dist.tarball)).toEqual(
+      'npm_test-1.0.2.tgz'
+    );
+  });
+});
--- a/packages/store/src/storage.ts
+++ b/packages/store/src/storage.ts
@ -27,6 +27,7 @@ import { IProxy, ISyncUplinksOptions, ProxySearchParams, ProxyStorage } from '@v
 import {
  convertDistRemoteToLocalTarballUrls,
  convertDistVersionToLocalTarballsUrl,
+  extractTarballFromUrl,
 } from '@verdaccio/tarball';
 import {
  AbbreviatedManifest,
@ -1345,7 +1346,7 @@ class Storage {
      // if uploaded tarball has a different shasum, it's very likely that we
      // have some kind of error
      if (validatioUtils.isObject(metadata.dist) && _.isString(metadata.dist.tarball)) {
-        const tarball = metadata.dist.tarball.replace(/.*\//, '');
+        const tarball = extractTarballFromUrl(metadata.dist.tarball);
        if (validatioUtils.isObject(data._attachments[tarball])) {
          if (
            _.isNil(data._attachments[tarball].shasum) === false &&