chore(store): fix polynominal regex codeql (#4332)
parent
1c5106ec6f
commit
e14b064a38
4 changed files with 46 additions and 2 deletions
7
.changeset/olive-bananas-wink.md
Normal file
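--- a/.changeset/olive-bananas-wink.md
+++ b/.changeset/olive-bananas-wink.md
@@ -0,0 +1,7 @@
+---
+'@verdaccio/store': patch
+'@verdaccio/tarball': patch
+---
+
+- Fixes polynomial regular expression when determining the file name of tarball
+- Add tests for extracting tarball name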
@ -4,6 +4,6 @@ export {
|
||||||
convertDistRemoteToLocalTarballUrls,
|
convertDistRemoteToLocalTarballUrls,
|
||||||
convertDistVersionToLocalTarballsUrl,
|
convertDistVersionToLocalTarballsUrl,
|
||||||
} from './convertDistRemoteToLocalTarballUrls';
|
} from './convertDistRemoteToLocalTarballUrls';
|
||||||
export { getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';
|
export { extractTarballFromUrl, getLocalRegistryTarballUri } from './getLocalRegistryTarballUri';
|
||||||
|
|
||||||
export { RequestOptions };
|
export { RequestOptions };
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
import { extractTarballFromUrl } from '../src';
|
||||||
|
|
||||||
|
describe('extractTarballFromUrl', () => {
|
||||||
|
const metadata: any = {
|
||||||
|
name: 'npm_test',
|
||||||
|
versions: {
|
||||||
|
'1.0.0': {
|
||||||
|
dist: {
|
||||||
|
tarball: 'http://registry.org/npm_test/-/npm_test-1.0.0.tgz',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
'1.0.1': {
|
||||||
|
dist: {
|
||||||
|
tarball: 'npm_test-1.0.1.tgz',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
'1.0.2': {
|
||||||
|
dist: {
|
||||||
|
tarball: 'https://localhost/npm_test-1.0.2.tgz',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
test('should return only name of tarball', () => {
|
||||||
|
expect(extractTarballFromUrl(metadata.versions['1.0.0'].dist.tarball)).toEqual(
|
||||||
|
'npm_test-1.0.0.tgz'
|
||||||
|
);
|
||||||
|
expect(extractTarballFromUrl(metadata.versions['1.0.1'].dist.tarball)).toEqual(
|
||||||
|
'npm_test-1.0.1.tgz'
|
||||||
|
);
|
||||||
|
expect(extractTarballFromUrl(metadata.versions['1.0.2'].dist.tarball)).toEqual(
|
||||||
|
'npm_test-1.0.2.tgz'
|
||||||
|
);
|
||||||
|
});
|
||||||
|
});
|
|
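Review bot: The three cases in `should return only name of tarball` are all short, well-formed values, so nothing in this spec pins the property the commit is about: that name extraction stays fast on a long value containing no `/`, the input shape behind the polynomial-regex finding on the replaced `/.*\//` pattern. A regression case with a constructed long string, for example `expect(extractTarballFromUrl('a'.repeat(50000))).toEqual('a'.repeat(50000));`, would fail or time out if a backtracking pattern were reintroduced. The implementation of `extractTarballFromUrl` is not part of this commit, so its result for a value with a query string or a trailing `/` is not visible here; those are worth adding as explicit expectations. The fixture can also lose `const metadata: any` by passing the three strings directly.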
@ -27,6 +27,7 @@ import { IProxy, ISyncUplinksOptions, ProxySearchParams, ProxyStorage } from '@v
|
||||||
import {
|
import {
|
||||||
convertDistRemoteToLocalTarballUrls,
|
convertDistRemoteToLocalTarballUrls,
|
||||||
convertDistVersionToLocalTarballsUrl,
|
convertDistVersionToLocalTarballsUrl,
|
||||||
|
extractTarballFromUrl,
|
||||||
} from '@verdaccio/tarball';
|
} from '@verdaccio/tarball';
|
||||||
import {
|
import {
|
||||||
AbbreviatedManifest,
|
AbbreviatedManifest,
|
||||||
|
@ -1345,7 +1346,7 @@ class Storage {
|
||||||
// if uploaded tarball has a different shasum, it's very likely that we
|
// if uploaded tarball has a different shasum, it's very likely that we
|
||||||
// have some kind of error
|
// have some kind of error
|
||||||
if (validatioUtils.isObject(metadata.dist) && _.isString(metadata.dist.tarball)) {
|
if (validatioUtils.isObject(metadata.dist) && _.isString(metadata.dist.tarball)) {
|
||||||
const tarball = metadata.dist.tarball.replace(/.*\//, '');
|
const tarball = extractTarballFromUrl(metadata.dist.tarball);
|
||||||
if (validatioUtils.isObject(data._attachments[tarball])) {
|
if (validatioUtils.isObject(data._attachments[tarball])) {
|
||||||
if (
|
if (
|
||||||
_.isNil(data._attachments[tarball].shasum) === false &&
|
_.isNil(data._attachments[tarball].shasum) === false &&
|
||||||
|
|
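Review bot: The shasum comparison below the `const tarball = extractTarballFromUrl(metadata.dist.tarball);` line only runs when the derived name is a key of `data._attachments`, and `metadata.dist.tarball` appears to come from the uploaded manifest. The helper's body is not shown in this commit, so it cannot be confirmed from here that it returns the same name as the old `replace(/.*\//, '')` for every input (a URL with a query string or an encoded scoped name, for instance). If it differs, the `isObject(data._attachments[tarball])` guard is false and the integrity check is presumably skipped without any signal. I would add a comment such as `// name must match the _attachments key; a mismatch skips the shasum check` and consider logging or rejecting when `dist.tarball` is set but no attachment matches. The enclosing method starts and ends outside the hunk, so what follows the guard is not visible.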