Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 799b2d5

Browse filesBrowse files
bmeckjasnell
authored and
danielleadams
committed
policy: fix cascade getting scope
PR-URL: #37298 Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Co-authored-by: James M Snell <jasnell@gmail.com>
1 parent 88d3f74 commit 799b2d5
Copy full SHA for 799b2d5

File tree

Expand file treeCollapse file tree

4 files changed

+49
-12
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

4 files changed

+49
-12
lines changed
Open diff view settings
Collapse file

‎lib/internal/policy/manifest.js‎

Copy file name to clipboardExpand all lines: lib/internal/policy/manifest.js
+17-11Lines changed: 17 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -41,8 +41,10 @@ const shouldAbortOnUncaughtException =
4141
getOptionValue('--abort-on-uncaught-exception');
4242
const { abort, exit, _rawDebug } = process;
4343

44+
const kTerminate = () => null;
45+
4446
// From https://url.spec.whatwg.org/#special-scheme
45-
const SPECIAL_SCHEMES = new SafeSet([
47+
const kSpecialSchemes = new SafeSet([
4648
'file:',
4749
'ftp:',
4850
'http:',
@@ -76,7 +78,7 @@ function REACTION_LOG(error) {
7678

7779
class Manifest {
7880
/**
79-
* @type {Map<string, DependencyMapper>}
81+
* @type {Map<string | null | undefined, DependencyMapper>}
8082
*
8183
* Used to compare a resource to the content body at the resource.
8284
* `true` is used to signify that all integrities are allowed, otherwise,
@@ -139,6 +141,8 @@ class Manifest {
139141
*/
140142
constructor(obj, manifestURL) {
141143
const scopes = this.#scopeDependencies;
144+
scopes.set(null, kTerminate);
145+
scopes.set(undefined, kTerminate);
142146
const integrities = this.#resourceIntegrities;
143147
const dependencies = this.#resourceDependencies;
144148
let reaction = REACTION_THROW;
@@ -205,18 +209,20 @@ class Manifest {
205209
return (toSpecifier, conditions) => {
206210
if (toSpecifier in dependencyMap !== true) {
207211
if (cascade === true) {
208-
let scopeHREF;
212+
/** @type {string | null} */
213+
let scopeHREF = resourceHREF;
209214
if (typeof parentDeps === 'undefined') {
210215
do {
211-
scopeHREF = this.#findScopeHREF(resourceHREF);
216+
scopeHREF = this.#findScopeHREF(scopeHREF);
217+
if (scopeHREF === resourceHREF) {
218+
scopeHREF = null;
219+
}
220+
if (scopes.has(scopeHREF)) {
221+
break;
222+
}
212223
} while (
213-
scopeHREF !== null &&
214-
scopes.has(scopeHREF) !== true
224+
scopeHREF !== null
215225
);
216-
}
217-
if (scopeHREF === null) {
218-
parentDeps = () => null;
219-
} else {
220226
parentDeps = scopes.get(scopeHREF);
221227
}
222228
return parentDeps(toSpecifier);
@@ -417,7 +423,7 @@ class Manifest {
417423
protocol = currentURL.protocol;
418424
}
419425
// Only a few schemes are hierarchical
420-
if (SPECIAL_SCHEMES.has(currentURL.protocol)) {
426+
if (kSpecialSchemes.has(currentURL.protocol)) {
421427
// Make first '..' act like '.'
422428
if (!StringPrototypeEndsWith(currentURL.pathname, '/')) {
423429
currentURL.pathname += '/';
Collapse file

‎test/fixtures/policy/dependencies/dependencies-scopes-and-resources-policy.json‎

Copy file name to clipboard
+14Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
{
2+
"resources": {
3+
"../multi-deps.js": {
4+
"integrity": true,
5+
"cascade": true
6+
}
7+
},
8+
"scopes": {
9+
"../": {
10+
"integrity": true,
11+
"dependencies": true
12+
}
13+
}
14+
}
Collapse file

‎test/fixtures/policy/multi-deps.js‎

Copy file name to clipboard
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
'use strict';
2+
require('fs');
3+
require('process');
Collapse file

‎test/parallel/test-policy-scopes.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-policy-scopes.js
+15-1Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,8 @@ const fixtures = require('../common/fixtures');
1010
const assert = require('assert');
1111
const { spawnSync } = require('child_process');
1212

13-
const dep = fixtures.path('policy', 'main.mjs');
1413
{
14+
const dep = fixtures.path('policy', 'main.mjs');
1515
const depPolicy = fixtures.path(
1616
'policy',
1717
'dependencies',
@@ -24,3 +24,17 @@ const dep = fixtures.path('policy', 'main.mjs');
2424
);
2525
assert.strictEqual(status, 0);
2626
}
27+
{
28+
const dep = fixtures.path('policy', 'multi-deps.js');
29+
const depPolicy = fixtures.path(
30+
'policy',
31+
'dependencies',
32+
'dependencies-scopes-and-resources-policy.json');
33+
const { status } = spawnSync(
34+
process.execPath,
35+
[
36+
'--experimental-policy', depPolicy, dep,
37+
]
38+
);
39+
assert.strictEqual(status, 0);
40+
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.