npm - @onekeyfe/react-native-split-bundle-loader - Versions diffs - 1.1.50 → 1.1.51 - Mend

@onekeyfe/react-native-split-bundle-loader 1.1.50 → 1.1.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/android/src/main/java/com/splitbundleloader/SplitBundleLoaderModule.kt +40 -1
package/ios/SplitBundleLoader.h +4 -0
package/ios/SplitBundleLoader.mm +68 -17
package/lib/module/NativeSplitBundleLoader.js.map +1 -1
package/lib/typescript/src/NativeSplitBundleLoader.d.ts +1 -0
package/lib/typescript/src/NativeSplitBundleLoader.d.ts.map +1 -1
package/package.json +1 -1
package/src/NativeSplitBundleLoader.ts +1 -0

package/android/src/main/java/com/splitbundleloader/SplitBundleLoaderModule.kt CHANGED Viewed

@@ -85,6 +85,26 @@ class SplitBundleLoaderModule(reactContext: ReactApplicationContext) :
         }
     }
+    // -----------------------------------------------------------------------
+    // resolveSegmentPath (Phase 3)
+    // -----------------------------------------------------------------------
+    override fun resolveSegmentPath(relativePath: String, sha256: String, promise: Promise) {
+        try {
+            val absolutePath = resolveSegmentPath(relativePath, sha256)
+            if (absolutePath != null) {
+                promise.resolve(absolutePath)
+            } else {
+                promise.reject(
+                    "SPLIT_BUNDLE_NOT_FOUND",
+                    "Segment file not found: $relativePath"
+                )
+            }
+        } catch (e: Exception) {
+            promise.reject("SPLIT_BUNDLE_RESOLVE_ERROR", e.message, e)
+        }
+    }
     // -----------------------------------------------------------------------
     // loadSegment
     // -----------------------------------------------------------------------
@@ -96,6 +116,10 @@ class SplitBundleLoaderModule(reactContext: ReactApplicationContext) :
         sha256: String,
         promise: Promise
     ) {
+        // NOTE (#44): sha256 param is not verified at load time by design.
+        // Per §6.4.1, runtime trusts that OTA install has already verified
+        // segment integrity. Builtin segments are signed as part of the APK/IPA.
+        // If runtime SHA-256 verification is needed, add it here.
         try {
             val segId = segmentId.toInt()
@@ -157,14 +181,29 @@ class SplitBundleLoaderModule(reactContext: ReactApplicationContext) :
     // Path resolution helpers
     // -----------------------------------------------------------------------
+    /**
+     * Verify resolved path stays within the expected root directory (#45).
+     * Prevents path traversal via ".." components in relativePath.
+     */
+    private fun isPathWithinRoot(root: File, resolved: File): Boolean {
+        return resolved.canonicalPath.startsWith(root.canonicalPath + File.separator) ||
+            resolved.canonicalPath == root.canonicalPath
+    }
     private fun resolveSegmentPath(relativePath: String, expectedSha256: String): String? {
+        // Path traversal guard (#45)
+        if (relativePath.contains("..")) {
+            SBLLogger.warn("Path traversal rejected: $relativePath")
+            return null
+        }
         // 1. Try OTA bundle directory first
         val otaBundlePath = getOtaBundlePath()
         if (!otaBundlePath.isNullOrEmpty()) {
             val otaRoot = File(otaBundlePath).parentFile
             if (otaRoot != null) {
                 val candidate = File(otaRoot, relativePath)
-                if (candidate.exists()) {
+                if (candidate.exists() && isPathWithinRoot(otaRoot, candidate)) {
                     return candidate.absolutePath
                 }
             }

package/ios/SplitBundleLoader.h CHANGED Viewed

@@ -10,5 +10,9 @@
              sha256:(NSString *)sha256
             resolve:(RCTPromiseResolveBlock)resolve
              reject:(RCTPromiseRejectBlock)reject;
+- (void)resolveSegmentPath:(NSString *)relativePath
+                    sha256:(NSString *)sha256
+                   resolve:(RCTPromiseResolveBlock)resolve
+                    reject:(RCTPromiseRejectBlock)reject;
 @end

package/ios/SplitBundleLoader.mm CHANGED Viewed

@@ -66,6 +66,11 @@
 /// Registers a segment with the current runtime, supporting both legacy bridge
 /// and bridgeless (RCTHost) architectures (#13).
+///
+/// Thread safety (#57): This method is called from the TurboModule (JS thread).
+/// RCTBridge.registerSegmentWithId:path: internally registers the segment with
+/// the Hermes runtime on the JS thread, which is the correct calling context.
+/// No queue dispatch is needed.
 + (BOOL)registerSegment:(int)segmentId path:(NSString *)path error:(NSError **)outError
 {
     // Try legacy bridge first
@@ -127,6 +132,62 @@
     }
 }
+// MARK: - Path resolution helper
+/// Resolves a relative segment path to an absolute path, checking OTA then builtin.
+/// Returns nil if the segment file is not found.
++ (nullable NSString *)resolveAbsolutePath:(NSString *)relativePath
+{
+    // 1. Try OTA bundle root first
+    NSString *otaPath = [SplitBundleLoader otaBundlePath];
+    if (otaPath) {
+        NSString *otaRoot = [otaPath stringByDeletingLastPathComponent];
+        NSString *candidate = [[otaRoot stringByAppendingPathComponent:relativePath] stringByStandardizingPath];
+        if ([candidate hasPrefix:otaRoot] &&
+            [[NSFileManager defaultManager] fileExistsAtPath:candidate]) {
+            return candidate;
+        }
+    }
+    // 2. Fallback to builtin resource path
+    NSString *builtinRoot = [[NSBundle mainBundle] resourcePath];
+    NSString *candidate = [[builtinRoot stringByAppendingPathComponent:relativePath] stringByStandardizingPath];
+    if ([candidate hasPrefix:builtinRoot] &&
+        [[NSFileManager defaultManager] fileExistsAtPath:candidate]) {
+        return candidate;
+    }
+    return nil;
+}
+// MARK: - resolveSegmentPath (Phase 3)
+- (void)resolveSegmentPath:(NSString *)relativePath
+                    sha256:(NSString *)sha256
+                   resolve:(RCTPromiseResolveBlock)resolve
+                    reject:(RCTPromiseRejectBlock)reject
+{
+    @try {
+        if ([relativePath containsString:@".."]) {
+            reject(@"SPLIT_BUNDLE_INVALID_PATH",
+                   [NSString stringWithFormat:@"Path traversal rejected: %@", relativePath],
+                   nil);
+            return;
+        }
+        NSString *absolutePath = [SplitBundleLoader resolveAbsolutePath:relativePath];
+        if (absolutePath) {
+            resolve(absolutePath);
+        } else {
+            reject(@"SPLIT_BUNDLE_NOT_FOUND",
+                   [NSString stringWithFormat:@"Segment file not found: %@", relativePath],
+                   nil);
+        }
+    } @catch (NSException *exception) {
+        reject(@"SPLIT_BUNDLE_RESOLVE_ERROR", exception.reason, nil);
+    }
+}
 // MARK: - loadSegment
 - (void)loadSegment:(double)segmentId
@@ -138,26 +199,16 @@
 {
     @try {
         int segId = (int)segmentId;
-        NSString *absolutePath = nil;
-        // 1. Try OTA bundle root first
-        NSString *otaPath = [SplitBundleLoader otaBundlePath];
-        if (otaPath) {
-            NSString *otaRoot = [otaPath stringByDeletingLastPathComponent];
-            NSString *candidate = [otaRoot stringByAppendingPathComponent:relativePath];
-            if ([[NSFileManager defaultManager] fileExistsAtPath:candidate]) {
-                absolutePath = candidate;
-            }
+        // Path traversal guard (#45)
+        if ([relativePath containsString:@".."]) {
+            reject(@"SPLIT_BUNDLE_INVALID_PATH",
+                   [NSString stringWithFormat:@"Path traversal rejected: %@", relativePath],
+                   nil);
+            return;
         }
-        // 2. Fallback to builtin resource path
-        if (!absolutePath) {
-            NSString *builtinRoot = [[NSBundle mainBundle] resourcePath];
-            NSString *candidate = [builtinRoot stringByAppendingPathComponent:relativePath];
-            if ([[NSFileManager defaultManager] fileExistsAtPath:candidate]) {
-                absolutePath = candidate;
-            }
-        }
+        NSString *absolutePath = [SplitBundleLoader resolveAbsolutePath:relativePath];
         if (!absolutePath) {
             reject(@"SPLIT_BUNDLE_NOT_FOUND",

package/lib/module/NativeSplitBundleLoader.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["TurboModuleRegistry","getEnforcing"],"sourceRoot":"../../src","sources":["NativeSplitBundleLoader.ts"],"mappings":";;AAAA,SAASA,mBAAmB,QAAQ,cAAc;~~AAqBlD~~,eAAeA,mBAAmB,CAACC,YAAY,CAAO,mBAAmB,CAAC","ignoreList":[]}
1	+ {"version":3,"names":["TurboModuleRegistry","getEnforcing"],"sourceRoot":"../../src","sources":["NativeSplitBundleLoader.ts"],"mappings":";;AAAA,SAASA,mBAAmB,QAAQ,cAAc;AAsBlD,eAAeA,mBAAmB,CAACC,YAAY,CAAO,mBAAmB,CAAC","ignoreList":[]}

package/lib/typescript/src/NativeSplitBundleLoader.d.ts CHANGED Viewed

@@ -9,6 +9,7 @@ export interface Spec extends TurboModule {
         bundleVersion?: string;
     }>;
     loadSegment(segmentId: number, segmentKey: string, relativePath: string, sha256: string): Promise<void>;
+    resolveSegmentPath(relativePath: string, sha256: string): Promise<string>;
 }
 declare const _default: Spec;
 export default _default;

package/lib/typescript/src/NativeSplitBundleLoader.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"NativeSplitBundleLoader.d.ts","sourceRoot":"","sources":["../../../src/NativeSplitBundleLoader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,IAAK,SAAQ,WAAW;IACvC,uBAAuB,IAAI,OAAO,CAAC;QACjC,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC,CAAC;IACH,WAAW,CACT,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;~~CAClB~~;;AAED,wBAA2E"}
1	+ {"version":3,"file":"NativeSplitBundleLoader.d.ts","sourceRoot":"","sources":["../../../src/NativeSplitBundleLoader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,IAAK,SAAQ,WAAW;IACvC,uBAAuB,IAAI,OAAO,CAAC;QACjC,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC,CAAC;IACH,WAAW,CACT,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,kBAAkB,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3E;;AAED,wBAA2E"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@onekeyfe/react-native-split-bundle-loader",
-  "version": "1.1.50",
+  "version": "1.1.51",
   "description": "react-native-split-bundle-loader",
   "main": "./lib/module/index.js",
   "types": "./lib/typescript/src/index.d.ts",

package/src/NativeSplitBundleLoader.ts CHANGED Viewed

@@ -17,6 +17,7 @@ export interface Spec extends TurboModule {
     relativePath: string,
     sha256: string,
   ): Promise<void>;
+  resolveSegmentPath(relativePath: string, sha256: string): Promise<string>;
 }
 export default TurboModuleRegistry.getEnforcing<Spec>('SplitBundleLoader');